CVE-2022-35045 An attacker could overflow a heap buffer in otfccdump via /release-x64/otfccdump+0x6b0d63.

This led to remote code execution as long as the user had administrator privileges. Red Hat was quick to issue a patch.

CVE-2018-3665 - heap buffer overflow in 'otfccdump' module https://www.redhat.com/security/data-security-report/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=617837b4b3c4a8dcb89aefd6a9e7eef2a94c83

CVE-2018-10930 - heap buffer overflow in 'otfccdump' module https://www.redhat.com/security/data-security-report/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbfe25b0f35e7983a5e5d5c1da5a9dc7f2c6a37

CVE-2018-10931 - heap buffer overflow in 'otfccdump' module https://www.redhat.com/security/data-security-report/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0bfae735f79b0d

What is GCC?

The GNU C Compiler, abbreviated as GCC, is a free software compiler for the C programming language. It produces object code compatible with most modern UNIX systems.

GCC includes many features that were not present in previous versions of C compilers. These include:

- Static single assignment (SSA)-based optimization, which replaces the method of generating optimized assembly code from hand-written assembly code with SSA formulae;
- Function inlining, including explicit function inlining and automatic inlining when certain conditions are met;
- Automatic parallelization using OpenMP or Intel's Threading Building Blocks (TBB) when appropriate, or manual control through the use of pragmas;
- A full system call interface based on Linux's System V ABI;
- Support for inline assembler directive expansion to gather statistics about functions called and their associated callers;  
- Support for variable argument lists and variadic functions through macros and GCC extensions.

References:

- https://www.redhat.com/security/data-security-report/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/_githash
- https://www.redhat.com/security/data-security-report

1) CVE-2018-3665 - heap buffer overflow in 'otfccdump' module
2) CVE-2018-10930 - heap buffer overflow in 'otfccdump' module
3) CVE-2018-10931 - heap buffer overflow in 'otfccdump' module

What does "OTFCC" mean?

OTFCC is an acronym for "OpenType Font Compatible".

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:13:00 UTC

References

• https://drive.google.com/file/d/1eIYb4VDyDnXLCjXKSoFQjkmoXyaCmr-m/view?usp=sharing
• https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35045.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35045