You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In libgraphite2 version 1.3.11 and the master branch, a critical memory corruption vulnerability was found in graphite2::Segment::~Segment(), which may allow attackers to cause a denial of service or possibly execute arbitrary code via a crafted font type file.
0x02 How to reproduce
This issue can be reproduced by the following command: gr2fonttest $POC -rtl -j 30 -cache -bytes 1 -noprint -codes 1000 102f 103f 104f 105f 106f 107f 108f 109f 10af 10bf 10cf 10df 10ef 10ff 2000 2001 2002 2003
0x01 Description
In libgraphite2 version 1.3.11 and the master branch, a critical memory corruption vulnerability was found in graphite2::Segment::~Segment(), which may allow attackers to cause a denial of service or possibly execute arbitrary code via a crafted font type file.
0x02 How to reproduce
This issue can be reproduced by the following command:
gr2fonttest $POC -rtl -j 30 -cache -bytes 1 -noprint -codes 1000 102f 103f 104f 105f 106f 107f 108f 109f 10af 10bf 10cf 10df 10ef 10ff 2000 2001 2002 2003
0x03 Debugging Information
For security consideration, the poc file attached is encrypted with a password which I have sent to you.
0x04 Author
This issue is reported by Ziqiang Gu from WeiRan Labs.
0x05 POC
libgraphite2-corrupted-size-or-prev_size-0x0x3bded-2.zip
The text was updated successfully, but these errors were encountered: