freetype-devel

[ft-devel] details on iPhone exploit caused by FreeType?


From: Werner LEMBERG
Subject: [ft-devel] details on iPhone exploit caused by FreeType?
Date: Fri, 08 Jul 2011 11:48:00 +0200 (CEST)

Folks,


Does anyone have more information on the recent exploit for the iPhone,
reportedly caused by a problem within FreeType's
`t1_decoder_parse_charstrings'?  Extracting the buggy font from

  http://www.jailbreakme.com/saffron/_/iPod_4.3.3_8J2.pdf

and testing the current ftview (from the git repository, but rather
the same as with version 2.4.5) with valgrind on my GNU/Linux box, I
get a bunch of

  Conditional jump or move depends on uninitialised value(s)

but nothing else (and I'll fix these problems in due course).

I must admit that I'm rather poor at understanding such exploits, but
AFAIK, a conditional jump can't be abused for executing arbitrary
code, right?  Please correct me if I'm wrong.


    Werner


