This issue may be exploited by attackers to execute arbitrary code on the system. Vendors interested in updating their products are advised to do so quickly. Further information about this vulnerability can be found in RedTeam Pentesting’s advisory.

CVE-2017-8446 - heap buffer overflow in OpenType-C (OTFCC)

A remote code execution flaw was discovered in OpenType-C, a font rendering library. The issue is related to the ‘otfcc_hfont’ function and may be exploited to execute arbitrary code. The impact may be critical if victims are typically administrators of the targeted system. Vendors are advised to update their products. Further information about this vulnerability can be found in RedTeam Pentesting’s advisory.

CVE-2017-8447 - heap buffer overflow in OpenType-C (OTFCC)

A remote code execution flaw was discovered in OpenType-C, a font rendering library. The issue is related to the ‘otfcc_hfont’ function and may be exploited to execute arbitrary code. The impact may be critical if victims are typically administrators of the targeted system. Vendors are advised to update their products. Further information about this vulnerability can be found in RedTeam Pentesting’s advisory.

CVE-2017-8448 - heap buffer overflow in OpenType-C (OTFCC)

A remote code execution flaw was discovered in OpenType-C, a font rendering library. The issue is related to

Improper Permissions Handling

Improper permissions handling may allow attackers to gain access to sensitive information.
An information disclosure flaw has been found in the OpenType-C library. This flaw is related to improper handling of permissions and may be exploited by attackers to gain access to sensitive information on the targeted system. Further information about this vulnerability can be found in RedTeam Pentesting’s advisory.

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:14:00 UTC

References