Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Dec 2010 17:21:29 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>,
        Ulrik Persson <>
Subject: CVE Request -- FontForge: Stack-based buffer overflow by processing
 specially-crafted CHARSET_REGISTRY font file header

Hello Steve, vendors,

   Ulrik Persson reported a stack-based buffer overflow
flaw in the way FontForge font editor processed certain
Bitmap Distribution Format (BDF) font files, with
specially-crafted value of the CHARSET_REGISTRY header.
A remote attacker could create a specially-crafted BDF
font file and trick a local, unsuspecting user into
opening it in FontForge, which could lead to fontforge
executable crash or, potentially, arbitrary code execution
with the privileges of the user running the executable.


Public PoC:

Flaw severity note:
On systems with compile time buffer checks (FORTIFY_SOURCE)
feature enabled, the impact of this flaw is mitigated to
be only crash.

Could you allocate a CVE id for this issue?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ