The accelerated rendering functionality of the NVIDIA Binary Graphics Driver (binary blob driver) for Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
Recent assessments:
jcran at November 14, 2019 9:34pm UTC reported:
This vuln is triggerable as a drive-by if someone visits a site using a browser while the impacted nvidia blob driver was used on the system. You could do this by installing a custom set of font glyphs that contain shellcode, and overflowing the video buffer with a long "string" of those glyphs (which would write past the video buffer memory boundary). However, the likelihood of someone using this driver today is extremely low, so, not very useful.
Assessed Attacker Value: 1
Assessed Attacker Value: 5
download2.rapid7.com/r7-0025
download2.rapid7.com/r7-0025/nv_exploit.c
nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
secunia.com/advisories/22419
secunia.com/advisories/22676
secunia.com/advisories/22730
secunia.com/advisories/22764
secunia.com/advisories/23678
security.gentoo.org/glsa/glsa-200611-03.xml
securityreason.com/securityalert/1742
securitytracker.com/id?1017072
sunsolve.sun.com/search/document.do?assetkey=1-26-102693-1
www.kb.cert.org/vuls/id/147252
www.mandriva.com/security/advisories?name=MDKSA-2007:007
www.rapid7.com/advisories/R7-0025.jsp
www.securityfocus.com/archive/1/448860/100/0/threaded
www.securityfocus.com/archive/1/451329/100/0/threaded
www.securityfocus.com/bid/20559
www.ubuntu.com/usn/usn-377-1
www.vupen.com/english/advisories/2006/4053
www.vupen.com/english/advisories/2006/4328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379
exchange.xforce.ibmcloud.com/vulnerabilities/29622