[Bug 800583] CVE-2012-1127 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#35599, #35600)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800583
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2012-1127 freetype: |CVE-2012-1127 freetype:
|Out-of heap-based buffer |heap buffer over-read in
|read by parsing glyph |BDF parsing
|information and bitmaps for |_bdf_parse_glyphs()
|BDF fonts (FU#35599, |(#35599, #35600)
|FU#35600) |
Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
|reported=20120302,source=go |reported=20120302,source=se
|ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=4.3/AV:N/AC:M/
|:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre
|ype=affected,rhel-6/freetyp |etype=affected,rhel-6/freet
|e=affected,fedora-all/freet |ype=affected,fedora-all/fre
|ype=affected |etype=affected,fedora-all/m
| |ingw32-freetype=affected
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800581] CVE-2012-1126 freetype: heap buffer over-read in BDF parsing _bdf_is_atom() (#35597, #35598)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800581
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2012-1126 freetype: |CVE-2012-1126 freetype:
|Out-of heap-based buffer |heap buffer over-read in
|read by parsing, adding |BDF parsing _bdf_is_atom()
|properties in BDF fonts, or |(#35597, #35598)
|validating if property |
|being an atom (FU#35597, |
|FU#35598) |
Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
|reported=20120302,source=go |reported=20120302,source=se
|ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=4.3/AV:N/AC:M/
|:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre
|ype=affected,rhel-6/freetyp |etype=affected,rhel-6/freet
|e=affected,fedora-all/freet |ype=affected,fedora-all/fre
|ype=affected |etype=affected,fedora-all/m
| |ingw32-freetype=affected
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800597] CVE-2012-1138 freetype: heap OOB read in the MIRP instruction implementation in TTF BCI (#35646)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800597
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|impact=low,public=20120227, |impact=low,public=20120227,
|reported=20120302,source=se |reported=20120302,source=se
|calert,cvss2=4.3/AV:N/AC:M/ |calert,cvss2=4.3/AV:N/AC:M/
|Au:N/C:N/I:N/A:P,rhel-5/fre |Au:N/C:N/I:N/A:P,rhel-5/fre
|etype=notaffected,rhel-6/fr |etype=notaffected,rhel-6/fr
|eetype=notaffected,fedora-a |eetype=notaffected,fedora-a
|ll/freetype=affected |ll/freetype=affected,fedora
| |-all/mingw32-freetype=affec
| |ted
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800584] CVE-2012-1128 freetype: NULL dereference in the SHZ instruction implementation in TTF BCI (#35601)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800584
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
|reported=20120302,source=se |reported=20120302,source=se
|calert,cvss2=4.3/AV:N/AC:M/ |calert,cvss2=4.3/AV:N/AC:M/
|Au:N/C:N/I:N/A:P,rhel-5/fre |Au:N/C:N/I:N/A:P,rhel-5/fre
|etype=notaffected,rhel-6/fr |etype=notaffected,rhel-6/fr
|eetype=notaffected,fedora-a |eetype=notaffected,fedora-a
|ll/freetype=affected |ll/freetype=affected,fedora
| |-all/mingw32-freetype=affec
| |ted
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800593] CVE-2012-1135 freetype: heap off by one read in boundary check for NPUSHB and NPUSHW instructions in TTF BIC (#35640)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800593
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2012-1135 freetype: |CVE-2012-1135 freetype:
|Out-of heap-based buffer |heap off by one read in
|read in TrueType bytecode |boundary check for NPUSHB
|interpreter by executing |and NPUSHW instructions in
|NPUSHB and NPUSHW |TTF BIC (#35640)
|instructions (FU#35640) |
Status Whiteboard|impact=low,public=20120227, |impact=low,public=20120227,
|reported=20120302,source=go |reported=20120302,source=se
|ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=2.6/AV:N/AC:H/
|:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre
|ype=new,rhel-6/freetype=new |etype=notaffected,rhel-6/fr
|,fedora-all/freetype=new |eetype=notaffected,fedora-a
| |ll/freetype=affected,fedora
| |-all/mingw32-freetype=affec
| |ted
--- Comment #2 from Tomas Hoger <thoger(a)redhat.com> 2012-03-15 05:28:05 EDT ---
This flaw is in the TrueType bytecode interpreter (BCI) implementation. BCI is
not enabled in Red Hat Enterprise Linux 4, 5, and 6 freetype packages (it was
disabled by default upstream because of the patent concerns). BCI support is
now enabled by default in upstream versions 2.4 and later, as relevant patents
expired: http://www.freetype.org/patents.html
Statement:
Not vulnerable. This issue did not affect freetype packages as shipped with Red
Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode
interpreter.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800591] CVE-2012-1133 freetype: Out-of heap-based buffer write by parsing BDF glyph information and bitmaps (FU#35607)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800591
Jan Lieskovsky <jlieskov(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|impact=important,public=201 |impact=important,public=201
|20223,reported=20120302,sou |20223,reported=20120302,sou
|rce=google,cvss2=6.8/AV:N/A |rce=google,cvss2=6.8/AV:N/A
|C:M/Au:N/C:P/I:P/A:P,rhel-5 |C:M/Au:N/C:P/I:P/A:P,rhel-5
|/freetype=new,rhel-6/freety |/freetype=notaffected,rhel-
|pe=new,fedora-all/freetype= |6/freetype=notaffected,fedo
|new |ra-all/freetype=affected
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months
[Bug 800590] CVE-2012-1132 freetype: Out-of heap-based buffer read flaw in Type1 font loader by parsing font dictionary entries (FU#35606)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=800590
Jan Lieskovsky <jlieskov(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
|reported=20120302,source=go |reported=20120302,source=go
|ogle,cvss2=4.3/AV:N/AC:M/Au |ogle,cvss2=4.3/AV:N/AC:M/Au
|:N/C:N/I:N/A:P,rhel-5/freet |:N/C:N/I:N/A:P,rhel-5/freet
|ype=new,rhel-6/freetype=new |ype=affected,rhel-6/freetyp
|,fedora-all/freetype=new |e=affected,fedora-all/freet
| |ype=affected
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 3 months