Oracle Java TTF File Stack Buffer Overflow

May 3, 2013

The Java software platform, owned by Oracle, supports the development of cross-platform applications. The Java Runtime Environment (JRE) contains the Java Virtual Machine (JVM), libraries and other components, whereas the Java Development Kit (JDK) is a toolkit for developers. Java also lets developers implement graphics functionality using the Swing or Abstract Window Toolkit (AWT) packages.

A Java applet is Java code that can be embedded in a web page. When a user views the web page in a web browser, the browser downloads the applet, which is then executed in the JVM.

TrueType Font (TTF) is an outline font standard developed by Apple. It is one of the most popular formats on the Mac OS and Windows platforms. A TTF file consists of a number of tables that store the data needed to process the font. An application responsible for handling a TTF file should be able to parse these tables.

When handling TTF files, Java parses the tables in the TTF file structure. However, it fails to validate one of the table structures that might be present in a malformed TTF file. This missing check can allow a stack-based buffer overflow condition.
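The advisory does not say which table or field goes unchecked, so the following added example (not Oracle's code and not part of the original advisory) shows only the general kind of validation a TTF parser needs: a C reader for the table directory that rejects table counts and offset/length pairs that do not fit the file or the destination array. `MAX_TABLES`, the function names and the 64-byte sample buffer are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TABLES 64  /* assumption: capacity of the caller's fixed array */
typedef struct { char tag[5]; uint32_t offset, length; } ttf_table;

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Reads the table directory; returns the table count, or -1 if malformed. */
int ttf_read_directory(const uint8_t *buf, size_t len, ttf_table out[MAX_TABLES]) {
    if (len < 12) return -1;                          /* 12-byte offset table */
    uint32_t ver = be32(buf);
    if (ver != 0x00010000u && ver != 0x74727565u) return -1; /* 1.0 or 'true' */
    uint16_t n = be16(buf + 4);                       /* numTables: untrusted */
    if (n == 0 || n > MAX_TABLES) return -1;          /* never overrun out[] */
    if ((size_t)n * 16 > len - 12) return -1;         /* records must fit */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + 12 + (size_t)i * 16;
        uint32_t off = be32(rec + 8), tlen = be32(rec + 12);
        /* Subtract instead of adding so off + tlen cannot wrap around. */
        if (off > len || tlen > len - off) return -1;
        memcpy(out[i].tag, rec, 4); out[i].tag[4] = '\0';
        out[i].offset = off; out[i].length = tlen;
    }
    return n;
}

/* Constructed sample: 64-byte buffer with one 'head' record. */
size_t ttf_make_sample(uint8_t buf[64], uint16_t n, uint32_t off, uint32_t tlen) {
    memset(buf, 0, 64);
    buf[1] = 0x01;                                    /* sfntVersion 0x00010000 */
    buf[4] = (uint8_t)(n >> 8); buf[5] = (uint8_t)n;
    memcpy(buf + 12, "head", 4);
    put32(buf + 20, off);
    put32(buf + 24, tlen);
    return 64;
}

int main(void) {  /* exit status 0 when the well-formed sample parses */
    uint8_t buf[64]; ttf_table t[MAX_TABLES];
    return ttf_read_directory(buf, ttf_make_sample(buf, 1, 28, 36), t) == 1 ? 0 : 1;
}
```

Every count, offset and length read from the file is checked against a known bound before it is used to index or copy, which is the step a stack-based overflow in a table parser depends on being absent.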

Remote attackers could exploit this vulnerability by persuading target users to visit a web site that links to a malicious Java applet that parses a malformed TTF file. Successful exploitation can cause a stack overflow. This could potentially allow arbitrary code execution in the security context of the logged-in user.

The Dell SonicWALL Threat team has released a SPY signature to address this vulnerability. The following signature was released:

  • 3973 Malformed-File class.TL.32

This vulnerability has not been assigned a CVE identifier.

Oracle has released an advisory regarding this issue.