First published: Thu Dec 02 2010
Ulrik Persson reported a stack-based buffer overflow flaw in the way the FontForge font editor processed certain Bitmap Distribution Format (BDF) font files that carry a specially crafted value in the CHARSET_REGISTRY header. A remote attacker could create a specially crafted BDF font file and trick a local, unsuspecting user into opening it in FontForge, which could lead to a crash of the fontforge executable or, potentially, arbitrary code execution with the privileges of the user running it.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537

Public PoC:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=fontforge-overflow.txt;att=1;bug=605537

Flaw severity note: On systems built with compile-time buffer checks (FORTIFY_SOURCE) enabled, the impact of this flaw is reduced to a crash only.
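As an added illustration (not FontForge's code and not taken from the bug report), a bounded way to read the CHARSET_REGISTRY property out of a BDF header: the copy into the fixed-size buffer is length-checked, so an over-long value is rejected instead of overrunning the stack. The buffer size REGISTRY_MAX and the sample header are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Assumed size of the fixed stack buffer a BDF header parser keeps for the
 * CHARSET_REGISTRY value; FontForge's real buffer size is not on the page. */
#define REGISTRY_MAX 64
enum bdf_result { BDF_OK = 0, BDF_NOT_FOUND = 1, BDF_TOO_LONG = 2 };
/* Constructed sample in the style of a BDF header (not from any real font). */
static const char SAMPLE_BDF[] =
    "STARTFONT 2.1\nSTARTPROPERTIES 2\n"
    "CHARSET_REGISTRY \"ISO10646\"\nCHARSET_ENCODING \"1\"\nENDPROPERTIES\n";
/* Find the CHARSET_REGISTRY property and copy its value into out (capacity
 * REGISTRY_MAX). The write is bounded: a value that would not fit, which is
 * what the advisory describes being copied unchecked, is rejected. */
enum bdf_result bdf_charset_registry(const char *bdf, char out[REGISTRY_MAX])
{
    static const char key[] = "CHARSET_REGISTRY";
    const size_t keylen = sizeof key - 1;
    const char *line = bdf;
    out[0] = '\0';
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        if ((size_t)(end - line) > keylen && strncmp(line, key, keylen) == 0 &&
            isspace((unsigned char)line[keylen])) {
            const char *val = line + keylen;
            while (val < end && isspace((unsigned char)*val)) val++;
            if (val < end && *val == '"') {                 /* strip BDF quotes */
                val++;
                if (end > val && end[-1] == '"') end--;
            }
            if ((size_t)(end - val) >= REGISTRY_MAX)
                return BDF_TOO_LONG;  /* an unchecked strcpy/sscanf("%s") here overflows */
            memcpy(out, val, (size_t)(end - val));
            out[end - val] = '\0';
            return BDF_OK;
        }
        line = eol ? eol + 1 : NULL;
    }
    return BDF_NOT_FOUND;
}
int main(void)
{
    char reg[REGISTRY_MAX];
    enum bdf_result r = bdf_charset_registry(SAMPLE_BDF, reg);
    printf("result=%d registry=\"%s\"\n", (int)r, reg);  /* result=0 registry="ISO10646" */
    return r == BDF_OK ? 0 : 1;
}
```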
Affected Software | Affected Version | How to fix
---|---|---
Fonts | |
The severity of REDHAT-BUG-659359 is categorized as critical due to the potential for stack-based buffer overflow exploits.
To fix REDHAT-BUG-659359, update to the latest version of FontForge that addresses this buffer overflow vulnerability.
REDHAT-BUG-659359 allows a remote attacker who can get a local user to open a crafted BDF font file to execute arbitrary code on systems running vulnerable versions of FontForge.
REDHAT-BUG-659359 affects older versions of FontForge prior to the release that includes the security patch.
Risk can also be mitigated by restricting access to untrusted BDF font files and by implementing application whitelisting for FontForge.