Thread: CVE-2020-15999 => Kindle jailbreak now possible
View Single Post
Old 11-12-2020, 11:13 AM   #5
DNSB
Bibliophagist
DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.
 
DNSB's Avatar
 
Posts: 46,665
Karma: 169712392
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
As I read the CVE, it has nothing to do with PDF or Type 1 fonts. To quote: "specially crafted TTF file with PNG sbit glyphs". There are sample TTF files floating around the dark edges of the Internet that will trigger this issue. Whether a Amazon ereader is vulnerable is a good question since libfreetype.so.whatever is included in the installed code.
DNSB is offline   Reply With Quote