SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
11 Feb 2016

Vulnerability in font processing library affects Linux, OpenOffice, Firefox

Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts.

In its description, Graphite's authors describe the library as a tool capable of creating "smart fonts" that can display dynamic glyphs for showing complex writing systems.

Many applications use Graphite, and among them are Firefox, Pale Moon, Thunderbird, OpenOffice, LibreOffice, and WorldPad, but the library is also used in many Linux distros. According to an advisory put out by the Cisco Talos security team, this library includes four vulnerabilities. The worst is an out-of-bounds read bug (CVE-2016-1521) that allows attackers to crash the system and even execute arbitrary code on the machine. While you may think a bug in a library you've never heard of may be easy to ignore, you couldn't be further from the truth.

Taking into account that Graphite has been included by default in Firefox since version 11, released on March 13, 2012, the library opens a wide target for attackers to exploit. Cisco says that by tinkering with Graphite-enabled fonts, hosting them on a server and delivering the malformed fonts to users inside the CSS of a malicious Web page, an attacker could weaponize their exploit without requiring any type of interaction on the user's part.

Firefox and one malicious font can compromise your computer

Users don't even have to click on the attacker's links and can be forced to access the malicious Web page hosting weaponized Graphite-enabled fonts via hidden redirects, often used by malvertising campaigns. Once the user reaches a page delivering malicious Graphite-enabled fonts, the vulnerability allows the attacker to get a foothold on the user's system.

Additionally, packing an exploit into a trojan would also allow classic malware to leverage this vulnerability against desktop software like OpenOffice and LibreOffice, and Linux distros that use it to display fonts. Besides the out-of-bounds issue, Cisco has also discovered a buffer overflow issue that led to remote code execution (CVE-2016-1523) and two DoS (Denial of Service) issues, but not as severe as the first two.

Researchers say they tested only Libgraphite 2-1.2.4 and Firefox 31 in their inquiries, but technically, other versions may also be vulnerable. In their threat advisory, the Cisco team does not mention if the Graphite team fixed these issues after their report, but the Graphite team released Libgraphite 2-1.3.5 at the start of January, which their changelog says contains a security bug fix. Experts have contacted the Graphite team for more details. We'll update the post with info about what version fixed the Cisco-reported issues when we have it.

Tags:
information leaks Linux Libgraphite
Source:
Softpedia
2192
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015