Lucene search

2744 matches found

0day.today
added 2016/06/21 12:0 a.m., 77 views

Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...

6.9 CVSS, 6.8 AI score, 0.14219 EPSS
Exploits: 1
Exploit DB
added 2016/06/21 12:0 a.m., 53 views

Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape API...

7.4 AI score
Exploits: 0
exploitpack
added 2016/06/21 12:0 a.m., 31 views

Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...

0.1 AI score
Exploits: 0
Source Incite
added 2016/06/09 12:0 a.m., 29 views

SRC-2016-0039 : Microsoft Windows PDF Library PostScript Calculator Out-of-Bounds Read Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of the Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...

6.5 CVSS, 6.6 AI score, 0.32313 EPSS
Exploits: 1
Tenable Nessus
added 2015/12/21 12:0 a.m., 27 views

Debian DLA-371-1 : foomatic-filters security update

Adam Chester discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer's native format. This could lead to the execution of arbitrary commands. The patch applied in DLA 365-1 prevented usage of...

7.5 CVSS, 7.7 AI score, 0.09264 EPSS
Exploits: 0, References: 3
OSV
added 2015/12/17 12:0 a.m., 26 views

DLA-371-1 foomatic-filters - security update

Bulletin has no description...

7.5 CVSS, 7.2 AI score, 0.09264 EPSS
Exploits: 0
FireEye
added 2015/12/16 8:0 a.m., 502 views

The EPS Awakens

On September 8, FireEye published details about an attack exploiting zero day vulnerabilities in Microsoft Office CVE-2015-2545 and Windows CVE-2015-2546. The attack was particularly notable because it leveraged PostScript to drive memory corruption in a way that had never been seen before. The...

9.3 CVSS, 8.4 AI score, 0.93232 EPSS
Exploits: 40
Tenable Nessus
added 2015/12/10 12:0 a.m., 33 views

Debian DLA-365-1 : foomatic-filters security update

It was discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer's native format. For Debian 6 Squeeze, this issue has been fixed in foomatic-filters version 4.0.5-6+squeeze2+deb6u11 NOTE: Tenabl...

7.5 CVSS, 7.3 AI score, 0.18149 EPSS
Exploits: 0, References: 3
OSV
added 2015/12/09 12:0 a.m., 22 views

DLA-365-1 foomatic-filters - security update

Bulletin has no description...

7.5 CVSS, 7.1 AI score, 0.18149 EPSS
Exploits: 0
Fedora
added 2015/12/08 9:25 p.m., 10 views

[SECURITY] Fedora 22 Update: potrace-1.13-2.fc22

Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...

Exploits: 0
Fedora
added 2015/12/08 7:58 p.m., 8 views

[SECURITY] Fedora 23 Update: potrace-1.13-2.fc23

Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...

Exploits: 0
CNVD
added 2015/11/22 12:0 a.m., 2 views

GNU a2ps Formatted String Denial of Service Vulnerability

GNU a2ps is a package developed by the GNU Project that supports the conversion of any type of file into a PostScript file. The GNU a2ps formatted-printing function fails to adequately filter user input that is used as a formatting descriptor, allowing an attacker to exploit the vulnerability to...

7.8 CVSS, 6.8 AI score, 0.01778 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2015/10/30 10:26 a.m., 19 views

CVE-2004-1717

Multiple buffer overflows in the psscan function in ps.c for gv ghostview allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value...

7.5 CVSS, 8.5 AI score, 0.25314 EPSS
Exploits: 2, References: 2
OpenVAS
added 2015/10/15 12:0 a.m., 17 views

Mageia: Security Advisory (MGASA-2015-0308)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 9.5 AI score, 0.00967 EPSS
Exploits: 0, References: 4
seebug.org
added 2015/09/17 12:0 a.m., 22 views

Windows ATMFD.DLL CharString Stream Out-of-Bounds Reads

Source: https://code.google.com/p/google-security-research/issues/detail?id=382&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was...

6.9 AI score
Exploits: 0
UbuntuCve
added 2015/09/14 8:59 p.m., 22 views

CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...

5 CVSS, 7.2 AI score, 0.02852 EPSS
Exploits: 0, References: 2
NVD
added 2015/09/14 8:59 p.m., 14 views

CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...

5 CVSS, 6.6 AI score, 0.02852 EPSS
Exploits: 0, References: 9
OSV
added 2015/09/14 8:59 p.m., 0 views

UBUNTU-CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...

5 CVSS, 7.2 AI score, 0.02852 EPSS
Exploits: 0, References: 3
Prion
added 2015/09/14 8:59 p.m., 16 views

Code injection

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...

5 CVSS, 6.8 AI score, 0.02852 EPSS
Exploits: 0, References: 9, Affected Software: 4
OSV
added 2015/09/14 8:59 p.m., 1 views

DEBIAN-CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...

5 CVSS, 6.8 AI score, 0.02852 EPSS
Exploits: 0, References: 1