2 matches found
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0286 )
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to display text using a corrupted TTF font file: --- 3d4.454: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling...
Notes on Windows Uniscribe Fuzzing
Posted by Mateusz Jurczyk of Google Project Zero Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security ha...