Message-ID: <CAOGJi+7UWmxUZercz+_TObWWwGz9NpZGSYL6Muy+hHDO-MW0Pw@mail.gmail.com>
Date: Fri, 28 Apr 2017 14:34:38 +0800
From: 李琪 <pjqruc@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical
 Problem in Program

Hello,

## Overview
My colleague and I have found a vulnerability in Cairo-1.15.4 when fuzzing
HarfBuzz with AFL.
Cairo is a 2D graphics library, and HarfBuzz is an OpenType text shaping
engine which contains a tool named *hb-view* to give a graphical view of
text using Cairo with a font provided by the user.
Owing to a logical problem in the program, the crash happens during a null
pointer dereference, and the vulnerability will cause a denial-of-service
attack with a crafted font file.

## Note
I have reported this issue to cairo and here is the link:
https://bugs.freedesktop.org/show_bug.cgi?id=100763.

When I disclosed this to Red Hat Product Security, they suggested that I use
CVE-2017-7475 for this issue, and I have communicated this number to
upstream.


Best Regards,

--
Jiaqi Peng, Bingchang Liu @ VARAS of IIE
