Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability In Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

Posted by timothy on Monday February 15, 2016 @01:57AM from the well-stop-using-fonts dept.

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

2 of 95 comments (clear)

Min score:

Reason:

Sort:

Re:But this is open source, right? by Anonymous Coward · 2016-02-15 02:18 · Score: 3, Funny

your eyes are not open source, they are processing fonts, and they are vulnerable
Re:Another buffer overflow by PPH · 2016-02-15 04:35 · Score: 1, Funny

Mozilla are
Mozilla is
or
Mozilli are

--
Have gnu, will travel.