[cairo-bugs] [Bug 100763] New: Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Apr 23 15:11:52 UTC 2017


            Bug ID: 100763
           Summary: Cairo-1.15.4 Denial-of-Service Attack due to Logical
                    Problem in Program
           Product: cairo
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: freetype font backend
          Assignee: david at freetype.org
          Reporter: pengjiaqi at iie.ac.cn
        QA Contact: cairo-bugs at cairographics.org

Created attachment 130989
  --> https://bugs.freedesktop.org/attachment.cgi?id=130989&action=edit
detailed analysis report, a poc file, proposed patch

## Overview
I and my colleague have found a vulnerability of Cairo-1.15.4 when fuzzing
HarfBuzz with AFL. HarBuzz is an OpenType text shaping engine and it contains a
tool named hb-view which utilizes Cairo to give a graphical view of text using
a font provided by user. This vulnerability is due to logical problem in
program, and can cause a Denial-of-Service attack with a crafted font file. 

The attachment is a zip file which includes my detail analysis report and a PoC
file. In order to avoid disclosing it before patch is released, I have
encrypted it. The developers can communicate with me to get the password.

## Author
name: Jiaqi Peng, Bingchang Liu @VARAS of IIE
email: pjqruc at gmail.com

You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20170423/ad8d0eeb/attachment.html>

More information about the cairo-bugs mailing list