It might allow an attacker to cause Denial of Service or leak memory data into dump content.Ĭairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.įreeType 2 before has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.įreeType 2 before has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.įreeType 2 before has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool.
Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.Ī stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/ in Xpdf 4.01.01.
A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.Īn issue was discovered in the truetype crate before 0.30.1 for Rust. The issue exists in TrueType font parser. VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component.
0 kommentar(er)
