Heap/integer overflows in font glyph rendering libraries
- July 21, 2009
- Will Drewry
- Fixed in
- Firefox 3.0.12
- Firefox 3.5
oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer.
The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library, which was distributed with OS security updates. On Mac OS X, Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system.
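The workaround described above, as an added example that is not Firefox's, Pango's or CoreGraphics' own code: a cap on the number of code units handed to the system shaper per call, combined with an overflow-checked glyph buffer allocation so an oversized run can never produce an undersized heap block. The glyph record, the `MAX_RUN_UNITS` value and the stub shaper are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical glyph record for this example; real shapers use their own. */
typedef struct { uint32_t index; int32_t x_advance; } glyph_t;
/* Cap on code units handed to the system shaper per call. Constructed
 * value; the actual limit Firefox uses is not stated in the advisory. */
#define MAX_RUN_UNITS 8192u

/* Overflow-safe glyph buffer allocation: rejects counts above the cap and
 * counts whose byte size would wrap. Returns NULL on rejection. */
glyph_t *alloc_glyph_buffer(size_t count) {
    if (count == 0 || count > MAX_RUN_UNITS) return NULL;
    if (count > SIZE_MAX / sizeof(glyph_t)) return NULL; /* count*size wraps */
    return calloc(count, sizeof(glyph_t));
}

/* Shape a run in chunks of at most MAX_RUN_UNITS code units, standing in for
 * the length limit described above. Real code must also avoid breaking
 * inside surrogate pairs or grapheme clusters. Returns chunk count or -1. */
int shape_in_chunks(const uint16_t *text, size_t len,
                    int (*shape)(const uint16_t *, size_t, glyph_t *)) {
    int chunks = 0;
    for (size_t off = 0; off < len; off += MAX_RUN_UNITS) {
        size_t n = len - off;
        if (n > MAX_RUN_UNITS) n = MAX_RUN_UNITS;
        glyph_t *buf = alloc_glyph_buffer(n);
        if (buf == NULL) return -1;
        int rc = shape(text + off, n, buf);
        free(buf);
        if (rc != 0) return -1;
        chunks++;
    }
    return chunks;
}

/* Stub shaper: one glyph per code unit, fixed advance. */
static int stub_shape(const uint16_t *text, size_t n, glyph_t *out) {
    for (size_t i = 0; i < n; i++) { out[i].index = text[i]; out[i].x_advance = 10; }
    return 0;
}

/* Build a constructed run of `len` 'A' characters and shape it in chunks. */
int demo_run(size_t len) {
    uint16_t *text = malloc(len ? len * sizeof(uint16_t) : 1);
    if (text == NULL) return -1;
    for (size_t i = 0; i < len; i++) text[i] = 'A';
    int chunks = shape_in_chunks(text, len, stub_shape);
    free(text);
    return chunks;
}
```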
- OS X CoreGraphics - CVE-2009-2468
- Pango - CVE-2009-1194