Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program
Submitted by Jiaqi Peng
Assigned to David Turner
Link to original bug (#100763)
Description
Created attachment 130989: detailed analysis report, a PoC file, proposed patch
Overview
My colleague and I have found a vulnerability in Cairo-1.15.4 while fuzzing HarfBuzz with AFL. HarfBuzz is an OpenType text shaping engine, and it contains a tool named hb-view which uses Cairo to give a graphical view of text using a font provided by the user. This vulnerability is due to a logical problem in the program, and can cause a Denial-of-Service attack with a crafted font file.
The attachment is a zip file which includes my detailed analysis report and a PoC file. In order to avoid disclosing it before a patch is released, I have encrypted it. The developers can communicate with me to get the password.
Author
Name: Jiaqi Peng, Bingchang Liu @VARAS of IIE
Email: pjqruc@gmail.com
Attachment 130989, "detailed analysis report, a poc file, proposed patch":
cairo_report_poc.zip