Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities
Vulnerabilities Discovered by Yves Younan of Cisco Talos.
Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution. A second vulnerability is an exploitable heap overflow. Finally, the last two vulnerabilities result in denial of service situations. To exploit these vulnerabilities, an attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities. Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).
In this post, we will discuss the following vulnerabilities: