4 matches found
CVE-2026-42308
A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceeding large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service DoS condition, making the application unavailable. Mitigation To...
CVE-2026-5315
A flaw was found in Nothings stb. A remote attacker could exploit a vulnerability in the stbttbufget8 function of the stbtruetype.h library by manipulating input. This could lead to an out-of-bounds read, potentially causing a denial of service DoS for affected systems. Mitigation To mitigate thi...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stbttInitFontinternal function. An attacker can cause the affected component to become unavailable by supplying a specially crafted TrueType font file that triggers an out-of-bounds read. Workaround This...
PT-2024-13215
Name of the Vulnerable Software and Affected Versions fontTools versions 4.28.2 through 4.42.1 Description The subsetting module in fontTools has a XML External Entity Injection XXE vulnerability, allowing an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts containing a S...