Adobe Acrobat Font Parsing Integer Overflow Vulnerability
Published: 2010-08-05. Last Updated: 2010-08-05 17:19:32 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
5 comment(s)
Charlie Miller discovered an integer overflow error in CoolType.dll when parsing the maxCompositePoints field value in the Maximum Profile table of a TrueType font. PDFs containing specially crafted TrueType fonts can trigger this vulnerability.
Want more information? Check the following document from pages 51 to 58: http://securityevaluators.com/files/papers/CrashAnalysis.pdf
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
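For triage of fonts pulled out of suspect PDFs, the following added example (not part of the original diary or of Adobe's code) reads the maxCompositePoints field from the Maximum Profile (`maxp`) table with every offset bounds-checked. It assumes the TrueType font has already been extracted and decompressed from the PDF; the `SUSPICIOUS_LIMIT` threshold and all function names are assumptions made for the example, not values from the advisory.

```python
import struct

# Assumed triage limit chosen for this example, not a value from the advisory.
SUSPICIOUS_LIMIT = 0x7FFF

class FontParseError(ValueError):
    """Raised when the font's own offsets or lengths are inconsistent."""

def find_table(font: bytes, tag: bytes) -> tuple:
    """Return (offset, length) of an sfnt table after validating every bound."""
    if len(font) < 12:
        raise FontParseError("truncated sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if 12 + 16 * num_tables > len(font):
        raise FontParseError("table directory runs past end of file")
    for i in range(num_tables):
        rec_tag, _csum, offset, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if rec_tag == tag:
            if offset + length > len(font):
                raise FontParseError("table runs past end of file")
            return offset, length
    raise FontParseError("no %s table" % tag.decode("ascii"))

def check_maxp(font: bytes, limit: int = SUSPICIOUS_LIMIT) -> dict:
    """Extract maxCompositePoints from a maxp v1.0 table and flag large values."""
    offset, length = find_table(font, b"maxp")
    if length < 6:
        raise FontParseError("maxp table too short")
    version = struct.unpack_from(">I", font, offset)[0]
    if version != 0x00010000:
        # Version 0.5 (CFF outlines) carries no maxCompositePoints field.
        return {"version": version, "maxCompositePoints": None, "suspicious": False}
    if length < 32:
        raise FontParseError("maxp v1.0 table shorter than 32 bytes")
    # Layout: version(4) numGlyphs(2) maxPoints(2) maxContours(2) maxCompositePoints(2)
    value = struct.unpack_from(">H", font, offset + 10)[0]
    return {"version": version, "maxCompositePoints": value, "suspicious": value > limit}

def build_sample(max_composite_points: int) -> bytes:
    """Constructed input: an sfnt container holding only a maxp v1.0 table."""
    maxp = struct.pack(">IHHHHH", 0x00010000, 1, 0, 0, max_composite_points, 0) + bytes(18)
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"maxp", 0, 28, len(maxp))
    return header + record + maxp

if __name__ == "__main__":
    for sample in (build_sample(12), build_sample(0xFFFF)):
        print(check_maxp(sample))
```

A flagged value is only a reason to look closer at the file; patching the affected Reader and Acrobat installations remains the fix.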
Comments
Pete
Aug 5th 2010
1 decade ago
http://www.linux-watch.com/news/NS7542722606.html
PDF to become an open, ISO standard - Jan 29, 2007
What I found rather amusing was this quote…
“In the 14 years since Adobe published the complete PDF specification in 1993, PDF has become a de facto global standard for secure and dependable information exchange and archival storage.”
Isn’t it ironic, that what was once considered “secure and dependable” is now the cause of so much grief in the Information Assurance world.
Ken B
Aug 5th 2010
1 decade ago
Anon
Aug 5th 2010
1 decade ago
Updating all Readers, Acrobats is (becoming) a nightmare.
CypherBit
Aug 6th 2010
1 decade ago