Re: Thoughts on font linking and embedding from Erik van Blokland on 2011-02-16 (public-webfonts-wg@w3.org from February 2011)

From: Erik van Blokland <letterror@gmail.com>
Date: Wed, 16 Feb 2011 21:50:45 +0100
To: "Levantovsky, Vladimir" <Vladimir.Levantovsky@MonotypeImaging.com>
Cc: W3 WG <public-webfonts-wg@w3.org>
Message-Id: <8B005C6C-D906-41DE-8603-12F603C5177D@gmail.com>

On 16 feb 2011, at 21:26, Levantovsky, Vladimir wrote:

> We already know how powerful font exploits can be:
> http://news.cnet.com/8301-31021_3-20012511-260.html

The current list on http://static.nvd.nist.gov

CVE-2011-0020 -- 2011-01-24T13:00:03.783-05:00
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

CVE-2011-0033 -- 2011-02-10T11:00:13.427-05:00
The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."

CVE-2011-0556 -- 2011-02-10T11:00:32.300-05:00
The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to an unexpected sign extension and an invalid pointer dereference, a different vulnerability than CVE-2011-0569.

CVE-2011-0569 -- 2011-02-10T11:00:32.567-05:00
The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0556.

CVE-2011-0577 -- 2011-02-10T11:00:32.817-05:00
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.

CVE-2011-0594 -- 2011-02-10T13:00:58.583-05:00
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.

CVE-2011-0982 -- 2011-02-10T14:00:02.160-05:00
Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.

Received on Wednesday, 16 February 2011 20:51:22 UTC