CrossFont Buffer Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in CrossFont version 7.5. This vulnerability allows local attackers to cause a denial-of-service by crashing the application. The issue arises when an oversized payload is submitted through the License Key field. Attackers can create a malicious file with 4000 bytes of data, paste it into the License Key input, and trigger a crash as the application processes the input.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.
Reproduction
To reproduce this vulnerability, first generate a file named 'exploit.txt' containing 4000 bytes of data. This can be done using a simple Python script that writes the payload to a text file. After creating the payload file, open CrossFont 7.5 and navigate to the License Key input field. Paste the contents of 'exploit.txt' into the License Key field and click 'OK'. The application will crash shortly after the input is processed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.