Oracle Java TTF File Stack Buffer Overflow (May 3, 2013)


The Java software platform, owned by Oracle, is used to develop cross-platform applications. The Java Runtime Environment (JRE) contains the Java Virtual Machine (JVM), libraries and other components, whereas the Java Development Kit (JDK) is a toolkit for developers. Java also lets developers implement graphics functionality using the Swing or Abstract Window Toolkit (AWT) packages.

A Java applet is Java code that can be embedded in a web page. When a user views the web page in a web browser, the browser downloads the applet, which is then executed in the JVM.

TrueType Font (TTF) is an outline font standard developed by Apple. It is one of the most popular formats on the Mac OS and Windows platforms. A TTF file is organized as a number of tables that store the data needed to process the font. An application that handles a TTF file must be able to parse these tables.

When handling TTF files, Java parses the tables in the TTF file structure. However, it fails to validate one of the table structures, which may be present in a malformed TTF file. This missing check can lead to a stack-based buffer overflow.
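The kind of validation a TTF parser needs before trusting table fields, shown as an added example (not Oracle's code and not taken from the advisory). The page does not name the affected table, so this covers only the generic sfnt table directory; `ttf_parse_directory`, `MAX_TABLES` and the sample font bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TABLES 64  /* assumed cap for this example, not a TrueType limit */

typedef struct { char tag[5]; uint32_t offset, length; } ttf_table;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parses the sfnt table directory. Returns the table count, or -1 if any
 * field would make a reader step outside the file or the output array. */
int ttf_parse_directory(const uint8_t *buf, size_t len, ttf_table *out, size_t cap)
{
    if (len < 12) return -1;                 /* 12-byte offset table */
    uint16_t n = be16(buf + 4);              /* numTables, attacker-controlled */
    if (n > cap) return -1;                  /* would overrun the caller's array */
    if ((len - 12) / 16 < n) return -1;      /* 16-byte records must fit in file */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + 12 + (size_t)i * 16;
        uint32_t off = be32(rec + 8), tlen = be32(rec + 12);
        /* overflow-safe form of: off + tlen <= len */
        if (off > len || tlen > len - off) return -1;
        memcpy(out[i].tag, rec, 4);
        out[i].tag[4] = '\0';
        out[i].offset = off;
        out[i].length = tlen;
    }
    return n;
}

/* Constructed sample: one 'head' table of 4 bytes at offset 28. */
static const uint8_t sample_font[32] = {
    0x00,0x01,0x00,0x00, 0x00,0x01, 0x00,0x10, 0x00,0x00, 0x00,0x00,
    'h','e','a','d', 0,0,0,0, 0,0,0,28, 0,0,0,4,
    0xde,0xad,0xbe,0xef
};

int main(void) {
    ttf_table t[MAX_TABLES]; uint8_t bad[32];   /* t is a fixed-size stack buffer */
    memcpy(bad, sample_font, 32); memset(bad + 24, 0xff, 4); /* length = 0xFFFFFFFF */
    printf("valid: %d\n", ttf_parse_directory(sample_font, 32, t, MAX_TABLES));
    printf("malformed: %d\n", ttf_parse_directory(bad, 32, t, MAX_TABLES));
    return 0;
}
```

The count check against `cap` is what keeps the fixed-size stack array from being overrun; the offset and length checks keep later table reads inside the file.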

Remote attackers could exploit this vulnerability by persuading target users to visit a web site that links to a malicious Java applet that parses a malformed TTF file. Successful exploitation can cause a stack buffer overflow, which could potentially allow arbitrary code execution in the security context of the logged-in user.

The Dell SonicWALL Threat team has released a SPY signature to address this vulnerability. The following signature was released:

  • 3973 Malformed-File class.TL.32

This vulnerability has not been assigned a CVE identifier.

Oracle has released an advisory regarding this issue.
