[ft-devel] details on iPhone exploit caused by FreeType?
From: Werner LEMBERG
Subject: [ft-devel] details on iPhone exploit caused by FreeType?
Date: Fri, 08 Jul 2011 11:48:00 +0200 (CEST)
Folks,
has anyone more information on the recent exploit for the iPhone,
reportedly caused by a problem within FreeType's
`t1_decoder_parse_charstrings'? Extracting the buggy font from
http://www.jailbreakme.com/saffron/_/iPod_4.3.3_8J2.pdf
and testing the current ftview (from the git repository, but rather
the same as with version 2.4.5) with valgrind on my GNU/Linux box, I
get a bunch of
Conditional jump or move depends on uninitialised value(s)
but nothing else (and I'll fix these problems in due course).
I must admit that I'm rather poor at understanding such exploits, but
AFAIK, a conditional jump can't be abused for executing arbitrary
code, right? Please correct me if I'm wrong.
Werner
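The valgrind message quoted above is worth a worked illustration. The following C program is an added example for this archive page; it is not FreeType code and does not reproduce whatever is wrong in the font from the PDF. It uses a hypothetical toy operand-stack interpreter (byte format constructed for the example: 0x00..0x7F pushes that integer, 0x80 adds the top two operands, 0xFF terminates) to show why "Conditional jump or move depends on uninitialised value(s)" is rarely the whole story: the same undefined value that decides the branch is usually also used as an array index or length a moment later, so the branch is only the first place valgrind happens to notice it. `run_buggy` leaves the stack pointer uninitialised and shows the symptom; `run_checked` is the hardened form with defined state and explicit status codes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy interpreter (added example, not FreeType's
 * t1_decoder_parse_charstrings). Constructed byte format:
 *   0x00..0x7F  push that small integer
 *   0x80        add: pop two operands, push their sum
 *   0xFF        end of charstring
 */
#define STACK_MAX 8

typedef struct {
    int32_t stack[STACK_MAX];
    int     top;            /* number of operands currently on the stack */
} interp_t;

typedef enum {
    CS_OK = 0,
    CS_ERR_UNDERFLOW,       /* operator needs more operands than are present */
    CS_ERR_OVERFLOW,        /* push would exceed STACK_MAX */
    CS_ERR_BAD_OP,          /* unknown opcode */
    CS_ERR_TRUNCATED        /* input ended without the 0xFF terminator */
} cs_status;

/* Buggy form: st.top is never initialised. The bounds check is present, but it
 * branches on whatever the C stack held before, which is exactly what valgrind
 * reports as "Conditional jump or move depends on uninitialised value(s)". The
 * warning is a symptom: the same undefined value is then used as the index in
 * st.stack[st.top], so the write can land outside the struct. Kept only for
 * inspection under valgrind; main() below does not call it. */
int32_t run_buggy(const uint8_t *cs, size_t len) {
    interp_t st;                        /* st.top deliberately left undefined */
    for (size_t i = 0; i < len; i++) {
        uint8_t op = cs[i];
        if (op == 0xFF)
            return st.top > 0 ? st.stack[st.top - 1] : 0;
        if (op < 0x80) {
            if (st.top >= STACK_MAX)    /* branch depends on uninitialised st.top */
                return -1;
            st.stack[st.top++] = op;    /* and so does the array index */
        } else if (op == 0x80) {
            if (st.top < 2)
                return -1;
            st.stack[st.top - 2] += st.stack[st.top - 1];
            st.top--;
        } else {
            return -1;
        }
    }
    return -1;
}

/* Hardened form: all state is defined before any branch reads it, and every
 * stack access is guarded by a check on fully initialised operands. */
cs_status run_checked(const uint8_t *cs, size_t len, int32_t *result) {
    interp_t st;
    memset(&st, 0, sizeof st);          /* st.top == 0, stack zeroed */
    for (size_t i = 0; i < len; i++) {
        uint8_t op = cs[i];
        if (op == 0xFF) {
            *result = st.top > 0 ? st.stack[st.top - 1] : 0;
            return CS_OK;
        }
        if (op < 0x80) {
            if (st.top >= STACK_MAX)
                return CS_ERR_OVERFLOW;
            st.stack[st.top++] = (int32_t)op;
        } else if (op == 0x80) {
            if (st.top < 2)
                return CS_ERR_UNDERFLOW;
            st.stack[st.top - 2] += st.stack[st.top - 1];
            st.top--;
        } else {
            return CS_ERR_BAD_OP;
        }
    }
    return CS_ERR_TRUNCATED;
}

int main(void) {
    /* constructed inputs */
    const uint8_t good[]      = { 0x03, 0x04, 0x80, 0xFF };        /* 3 + 4 */
    const uint8_t underflow[] = { 0x80, 0xFF };                    /* add on empty stack */
    const uint8_t overflow[]  = { 1, 1, 1, 1, 1, 1, 1, 1, 1, 0xFF }; /* nine pushes */
    int32_t v = 0;
    printf("good:      status %d value %d\n", run_checked(good, sizeof good, &v), v);
    printf("underflow: status %d\n", run_checked(underflow, sizeof underflow, &v));
    printf("overflow:  status %d\n", run_checked(overflow, sizeof overflow, &v));
    return 0;
}
```

Compiling with `-g` and running `valgrind ./a.out` after adding a call to `run_buggy` reproduces the uninitialised-value report at the bounds check; the practical reading of such a report in a parser is that an index or length derived from the same value needs a defined initial state and an explicit range check, as `run_checked` does.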
- [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/08 (this message)
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/08
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Алексей Подтележников, 2011/07/08
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/09
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Алексей Подтележников, 2011/07/09
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/09
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Алексей Подтележников, 2011/07/09
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/10
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Алексей Подтележников, 2011/07/11
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Werner LEMBERG, 2011/07/11
- Re: [ft-devel] details on iPhone exploit caused by FreeType?, Алексей Подтележников, 2011/07/14