LIBPNG / LIBTTF Exploits?

Wally
Posts: 663
Joined: Mon Sep 26, 2005 11:25 am

Post by Wally »

Hi Guys,

Was just browsing a security website known as FrSIRT and discovered that there were exploits in LIBPNG and LIBTTF.

references:
http://www.frsirt.com/english/advisories/2007/1894 - libTTF
http://www.frsirt.com/english/advisories/2007/1838 - libPNG


If anything can be done, it would be great!
afiser
Posts: 1
Joined: Wed May 23, 2007 7:53 am

Post by afiser »

libTTF is a font library

and the libPNG vulnerability doesn't seem to cause an overflow so I doubt it can be useful.
Greatmetal
Posts: 2
Joined: Wed May 23, 2007 1:49 pm

Post by Greatmetal »

Last time I knew, a buffer overflow was a DOS type attack. Don't give up so easily, afiser.
Greatmetal
Posts: 2
Joined: Wed May 23, 2007 1:49 pm

Post by Greatmetal »

Why is no one giving their input on this? It needs to be looked at in case it is a usable exploit :/.
Raphael
Posts: 646
Joined: Tue Jan 17, 2006 4:54 pm
Location: Germany

Post by Raphael »

TTF will at most lead to an exploit in the browser and that will at most give user mode access. So that's not the best point to look for. The PNG exploit on the other side was labeled 'low risk', so I'm not sure if that will be usable at all.
<Don't push the river, it flows.>
http://wordpress.fx-world.org - my devblog
http://wiki.fx-world.org - VFPU documentation wiki

Alexander Berl
ufoz
Posts: 86
Joined: Thu Nov 10, 2005 2:36 am
Location: Tokyo

Post by ufoz »

The PSP firmware uses its own proprietary font system, not TTF, so that one isn't even applicable.
Anyway, I thought we don't really discuss exploits here...?
Wally
Posts: 663
Joined: Mon Sep 26, 2005 11:25 am

Post by Wally »

Raphael wrote: TTF will at most lead to an exploit in the browser and that will at most give user mode access. So that's not the best point to look for. The PNG exploit on the other side was labeled 'low risk', so I'm not sure if that will be usable at all.
User mode can lead to full access though anyway (as seen in the past).

And it would keep those people on 3.10 - 3.40 happy where they can run NES or something without the need of access to the kernel.

It's just a new chapter :P
Raphael
Posts: 646
Joined: Tue Jan 17, 2006 4:54 pm
Location: Germany

Post by Raphael »

Wally4000 wrote: User mode can lead to full access though anyway (As seen in the past)
Not unless another exploit in the kernel functions is found. And THAT is the real problem about it, so I'd rather first investigate for such exploits. But I'm not the man for that anyway, so I don't care really.
Wally
Posts: 663
Joined: Mon Sep 26, 2005 11:25 am

Post by Wally »

That's understandable.

I tried to sic skylark onto it, but he's lazy :P

Wally