This issue could be exploited by loading a maliciously crafted .otf file and could potentially lead to arbitrary code execution. As a mitigation measure, all versions of Windows from Windows 7 onwards are protected against this issue by default. If you are running an earlier version of Windows and want to update to a more secure version, you can do so by downloading and installing the latest version of Windows.
Another issue discovered in the same commit is a heap-based buffer overflow. This issue could be exploited by loading a specially crafted .otf file and could potentially lead to arbitrary code execution. As a mitigation measure, all versions of Windows from Windows 7 onwards are protected against this issue by default. If you are running an earlier version of Windows and want to update to a more secure version, you can do so by downloading and installing the latest version of Windows.
In addition to these security issues, a total of six other issues were discovered in this commit. The list of issues is as follows: - CVE-2018-8983: Heap buffer overflow in the OTFCCP::LineTo function (affects Windows 7 and later). Credit to Luan Herrera. - CVE-2018-8994: Heap buffer overflow in the OTFCCP::FillText function (affects Windows 7 and later). Credit to Luan Herrera. - CVE-2018-8995: Heap buffer overflow in the OTFCCP::FillShape function (aff
Summary of Changed Components and Dependencies
- CVE-2018-8983: Heap buffer overflow in the OTFCCP::LineTo function (affects Windows 7 and later) blocked by default on a mitigated system. - CVE-2018-8994: Heap buffer overflow in the OTFCCP::FillText function (affects Windows 7 and later). Credit to Luan Herrera. - CVE-2018-8995: Heap buffer overflow in the OTFCCP::FillShape function (affects Windows 7 and later). Credit to Luan Herrera.
Timeline
Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:10:00 UTC