>> ARCHIVE: 2019-07

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling due to incorrect handling of blendArray.

Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability due to integer overflow in readTTCDirectory.

Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability in OpenType font handling in readStrings.

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling due to out-of-bounds cubeStackDepth.

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling due to negative cubeStackDepth.

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling due to negative nAxes.

Microsoft DirectWrite / AFDKO suffers from a stack-based buffer overflow vulnerability in do_set_weight_vector_cube for large nAxes.

Microsoft DirectWrite / AFDKO suffers from an issue where it makes use of uninitialized memory while freeing resources in var_loadavar.

PowerPanel Business Edition version 3.4.0 is vulnerable to cross site request forgery vulnerability. This can be exploited by tricking an authenticated user into visiting a web page controlled by a…

Microsoft DirectWrite / AFDKO suffers from a heap-based out-of-bounds read/write vulnerability in OpenType font handling due to unbounded iFD.