Four vulnerabilities in the Graphite font processing library allow attackers to compromise machines by supplying them with malicious fonts. Graphite's authors describe the library as a tool capable of creating "smart fonts" that can display dynamic glyphs for showing complex writing systems.
Many applications use Graphite, and among them are Firefox, Pale Moon, Thunderbird, OpenOffice, LibreOffice, and WorldPad, but the library is also used in many Linux distros. According to an advisory, this library includes four vulnerabilities. The worst is an out-of-bounds read bug that allows attackers to crash the system and even execute arbitrary code on the machine.Read more