Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27269 of 28220

CVE-2017-11573

Posted by Cyberthreat Blog | Jul 23, 2017 | CVE Notifications |

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.

CVE-2017-11577

Posted by Cyberthreat Blog | Jul 23, 2017 | CVE Notifications |

FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.

CVE-2017-11575

Posted by Cyberthreat Blog | Jul 23, 2017 | CVE Notifications |

FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.

CVE-2017-11565

Posted by Cyberthreat Blog | Jul 23, 2017 | CVE Notifications |

debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption...

Another .lnk File, (Sun, Jul 23rd)

Posted by Cyberthreat Blog | Jul 23, 2017 | SANS ISC Bulletins |

In diary entry Office maldoc + .lnk we analyzed a Windows shortcut file (.lnk) and looked for metadata, but it didn width:1037px” /> This time we have more metadata, under TrackerDataBlock we can find the machine name...

Author: Cyberthreat Blog

CVE-2017-11573

CVE-2017-11577

CVE-2017-11575

CVE-2017-11565

Another .lnk File, (Sun, Jul 23rd)