Fedora: Security Advisory (FEDORA-2025-893d125ddd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-49614a7cdf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: sfnt2woff-zopfli-1.3.1-15.fc41

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =E2=80=94 on average =E2=80=94 5-8% compared to regular WOFF files. Zopfli generates co mpressed output that is compatible with regular zlib...

[SECURITY] Fedora 42 Update: sfnt2woff-zopfli-1.3.1-15.fc42

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =E2=80=94 on average =E2=80=94 5-8% compared to regular WOFF files. Zopfli generates co mpressed output that is compatible with regular zlib...

Fedora 37 : woff (2022-c30d362ce5)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c30d362ce5 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...

Fedora 35 : woff (2022-d50ded078e)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d50ded078e advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...

[SECURITY] Fedora 37 Update: sfnt2woff-zopfli-1.3.1-3.fc37

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =EF=BF=BD=EF=BF=BD=EF=BF=BD on average =EF=BF=BD=EF=BF=BD=EF=BF=BD 5-8% compared to regular WOFF files. Z opfli generates compressed output that is...

[SECURITY] Fedora 35 Update: sfnt2woff-zopfli-1.3.1-3.fc35

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =EF=BF=BD=EF=BF=BD=EF=BF=BD on average =EF=BF=BD=EF=BF=BD=EF=BF=BD 5-8% compared to regular WOFF files. Z opfli generates compressed output that is...

Fedora: Security Advisory for sfnt2woff-zopfli (FEDORA-2022-458378be7a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for woff (FEDORA-2022-c30d362ce5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for sfnt2woff-zopfli (FEDORA-2022-f0980dffd1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: woff-0.20091126-35.fc37

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

[SECURITY] Fedora 36 Update: woff-0.20091126-34.fc36

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

Fedora: Security Advisory for woff (FEDORA-2022-706c76c4f0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen...

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

FreeType 'woff_open_font' Function Denial of Service Vulnerability

FreeType is the FreeType team developed a C-based , high-quality and portable open source font engine library , it can be used to rasterize the characters and mapped to bitmap and provide other font-related business support . A denial of service vulnerability exists in the FreeType 'woffopenfont'...

CVE-2014-9668

The woffopenfont function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact via ...

CVE-2014-9668

CVE-2014-9668 relates to FreeType. The issue stems from the woff_open_font function (sfnt/sfobjs.c) where offset+length is calculated without restricting length values, enabling a remote attacker to trigger a denial of service via a crafted WOFF file (integer overflow and heap-based buffer overfl...

x90c WOFF Firefox 1day exploit

Hi Forks! I share my WOFF 1day exploit. attachment: http://www.x90c.org/exploits/x90cWOFFexploit.tgz dep bypass vulnerability: CVE-2010-1028 WOFF Heap Corruption due to Integer Overflow affacted Products: - Mozilla Firefox 3.6 Gecko 1.9.2 - Mozilla Firefox 3.6 Beta1, 3, 4, 5 Beta2 ko not released...