14 matches found
Arbitrary Code Execution
freetype is vulnerable to arbitrary code execution. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary...
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds ReadsWrites with Malformed fpgm table win32k!bGeneratePath (Denial of Service)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds ReadsWrites with Malformed fpgm table win32k!bGeneratePath Denial of Service Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys...
Microsoft Windows - win32k.sys TTF Processing win32k!sbit_Embolden win32k!ttfdCloseFontContext Use-After-Free (MS16-120)
Microsoft Windows - win32k.sys TTF Processing win32k!sbitEmbolden win32k!ttfdCloseFontContext Use-After-Free MS16-120 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=868 We have encountered Windows kernel crashes in the win32k!sbitEmbolden and win32k!ttfdCloseFontContext functio...
Windows win32k.sys TTF Font Processing win32k!scl_ApplyTranslation Pool-Based Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=370&can=1 We have encountered a number of Windows kernel crashes in the win32k!sclApplyTranslation function while processing corrupted TTF font files, such as: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was...
Windows win32k.sys TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write
Source: https://code.google.com/p/google-security-research/issues/detail?id=402&can=1 We have encountered a Windows kernel crash in the win32k!fscBLTHoriz function while processing corrupted TTF font files, such as: --- DRIVERPAGEFAULTBEYONDENDOFALLOCATION d6 N bytes of memory was allocated and...
Windows win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fscRemoveDups function while processing corrupted TTF font files, such as: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. This canno...
Windows win32k.sys TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=402&can=1 We have encountered a Windows kernel crash in the win32k!fscBLTHoriz function while processing corrupted TTF font files, such as: ---...
Microsoft Windows - win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
Microsoft Windows - win32k.sys TTF Font Processing win32k!fscRemoveDups Out-of-Bounds Pool Memory Access Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fscRemoveDups function while processing corrupted...
Integer overflow
The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...
freetype security update
CentOS Errata and Security Advisory CESA-2007:0403-01 Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free,...
RHEL 2.1 / 3 / 4 / 5 : freetype (RHSA-2007:0403)
Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw...
CentOS 3 / 4 : freetype (CESA-2007:0403)
Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw...
freetype security update
CentOS Errata and Security Advisory CESA-2007:0403 Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free,...
Moderate: Red Hat Security Advisory: freetype security update
Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw...