Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Adobe Acrobat Font Parsing Integer Overflow Vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Acrobat Font Parsing Integer Overflow Vulnerability

Published: 2010-08-05
Last Updated: 2010-08-05 17:19:32 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
5 comment(s)

Charlie Miller discovered a integer overflow error in CoolType.dll when parsing the maxCompositePoints field value in the Maximum Profile table of a TrueType font. PDFs containing specially crafted TrueType fonts can trigger this vulnerability.

Want more information? Check the following document from pages 51 to 58: http://securityevaluators.com/files/papers/CrashAnalysis.pdf

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

5 comment(s)
Diary Archives