CVE-2019-1412

MEDIUM

Windows Adobe Type Manager Font Driver - Information Disclosure via Memory Handling

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-980/

Scores

CVSS v3 5.5
EPSS 0.0159
EPSS Percentile 72.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (7)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1 (2 CPE variants)
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
Published Nov 12, 2019
Tracked Since Feb 18, 2026