Menu
▾
▴
[matplotlib-devel] code execution via AFM
|
From: Benjamin R. <ben...@ou...> - 2015-07-21 21:43:19
|
Pretty sure this doesn't impact us, but just thought I'd throw this out there: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2426 Looks like Microsoft's AFM library didn't properly sanitize malicious OpenType font files and suffered from a buffer underflow, allowing for arbitrary code execution. Ben Root |