«
Expand/Collapse
92 items tagged "font"
Related tags:
font engine [+],
font files [+],
denial of service [+],
arbitrary code [+],
red hat enterprise [+],
red [+],
pango [+],
mandriva linux [+],
cid [+],
marc schoenefeld [+],
integer overflow [+],
buffer overflow vulnerability [+],
adobe [+],
truetype [+],
parser [+],
linux security [+],
heap [+],
evince [+],
code [+],
apple quicktime [+],
afm [+],
freetype [+],
zero [+],
x freetype [+],
txt [+],
truetype font files [+],
target [+],
service vulnerability [+],
security notice [+],
robert swiecki [+],
position error [+],
parsing [+],
oracle java [+],
opcode [+],
mateusz jurczyk [+],
mateusz [+],
jonathan brossard [+],
jon larimer [+],
java [+],
input validation [+],
input [+],
heap memory [+],
heap corruption [+],
freetype library [+],
font names [+],
font data [+],
file [+],
director movie files [+],
debian linux [+],
component [+],
c heap [+],
buffer overflow [+],
brossard [+],
bdf font [+],
bdf [+],
application crash [+],
adobe shockwave player [+],
zdi [+],
shockwave [+],
sanitization [+],
postscript font [+],
library [+],
invalid pointer [+],
font metrics [+],
font library [+],
dsa [+],
cid keyed postscript [+],
bugtraq [+],
arbitrary code execution [+],
based buffer overflow [+],
x.org [+],
x server [+],
usn [+],
type 1 fonts [+],
tpti [+],
table [+],
stack overflow [+],
smudges [+],
remote [+],
postscript type [+],
pcf [+],
mdvsa [+],
margin notes [+],
mac os x apple [+],
length [+],
layout code [+],
irregularity [+],
glyph [+],
development [+],
database packages [+],
dan [+],
book [+],
average [+],
array index [+],
apple webkit [+],
apple safari [+],
apple mac os x [+],
apple mac os [+],
Software [+],
code execution [+],
application [+],
vulnerability [+],
lib [+],
red hat security [+],
font format [+],
compact [+],
buffer overflow vulnerabilities [+],
user [+],
type [+]
-
-
5:01
»
Hack a Day
An old book – the smell, the texture of the slowly rotting paper, and the smudges and margin notes accrued over decades – is one of the finer points in life taken for granted much too often. We’re bombarded with high precision vector typefaces all day, but [Dan]‘s Avería font is beautiful in its irregularity. [Dan] [...]
-
-
7:20
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0467-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font, Glyph Bitmap Distribution Format, Windows .fnt and .fon, and PostScript Type 1 fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
23:10
»
Packet Storm Security Advisories
Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.
-
23:10
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.
-
23:10
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.
-
-
21:30
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
21:30
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
21:30
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
-
16:18
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
16:18
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
16:18
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
15:59
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
15:59
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
15:49
»
Packet Storm Security Advisories
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
-
18:34
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.
-
18:34
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.
-
-
19:59
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-340 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application.
-
19:59
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-340 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application.
-
19:59
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-340 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application.
-
-
8:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1267-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
8:44
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1267-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
-
18:27
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1455-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
18:27
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1455-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
18:27
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1455-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
15:56
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1402-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
15:56
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1402-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
15:56
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1402-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
21:03
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1161-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. A buffer overflow flaw was found in the way the FreeType library handled malformed font files compressed using UNIX compress. If a user loaded a specially-crafted compressed font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
-
21:03
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1161-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. A buffer overflow flaw was found in the way the FreeType library handled malformed font files compressed using UNIX compress. If a user loaded a specially-crafted compressed font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
-
21:03
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1161-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. A buffer overflow flaw was found in the way the FreeType library handled malformed font files compressed using UNIX compress. If a user loaded a specially-crafted compressed font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
-
-
19:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:10
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
23:10
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
23:10
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
-
17:18
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
17:18
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
17:18
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
-
21:01
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.
-
21:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.
-
-
17:10
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2116-1 - Marc Schoenefeld has found an input stream position error in the way the FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code.
-
-
16:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 972-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
16:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 972-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
-
20:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-149 - Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code.
-
-
18:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 963-1 - Robert Swiecki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.
-
-
19:02
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2070-1 - Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.
-
19:01
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2070-1 - Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.
-
-
1:01
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-121 - Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. Packages for 2008.0 and 2009.0 are provided as of the Extended http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
-
-
14:50
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2019-1 - Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (application crash).
-
14:49
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2019-1 - Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (application crash).
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution