March 2012 - fonts-bugs - Fedora Mailing-Lists

[Bug 800581] CVE-2012-1126 freetype: Out-of heap-based buffer read by parsing, adding properties in BDF fonts, or validating if property being an atom (FU#35597, FU#35598)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800581 Jan Lieskovsky <jlieskov(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223, |reported=20120302,source=go |reported=20120302,source=go |ogle,cvss2=4.3/AV:N/AC:M/Au |ogle,cvss2=4.3/AV:N/AC:M/Au |:N/C:N/I:N/A:P,rhel-5/freet |:N/C:N/I:N/A:P,rhel-5/freet |ype=new,rhel-6/freetype=new |ype=affected,rhel-6/freetyp |,fedora-all/freetype=new |e=affected,fedora-all/freet | |ype=affected -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800607] CVE-2012-1144 freetype: Out-of heap-based buffer write in the TrueType bytecode interpreter by moving zone2 pointer point (FU#35689)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800607 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1144 freetype: |buffer write in the |Out-of heap-based buffer |TrueType bytecode |write in the TrueType |interpreter by moving zone2 |bytecode interpreter by |pointer point (FU#35689) |moving zone2 pointer point | |(FU#35689) Alias| |CVE-2012-1144 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:58:55 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800602] CVE-2012-1141 freetype: Out-of heap-based buffer read flaw by conversion of an ASCII string into a signed short integer by processing BDF fonts (FU#35658)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800602 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1141 freetype: |buffer read flaw by |Out-of heap-based buffer |conversion of an ASCII |read flaw by conversion of |string into a signed short |an ASCII string into a |integer by processing BDF |signed short integer by |fonts (FU#35658) |processing BDF fonts | |(FU#35658) Alias| |CVE-2012-1141 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:57:49 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800600] CVE-2012-1140 freetype: Out-of heap-based buffer read by conversion of PostScript font objects (FU#35657)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800600 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1140 freetype: |buffer read by conversion |Out-of heap-based buffer |of PostScript font objects |read by conversion of |(FU#35657) |PostScript font objects | |(FU#35657) Alias| |CVE-2012-1140 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:57:16 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800598] CVE-2012-1139 freetype: Array index error, leading to out-of stack based buffer read by parsing BDF font glyph information (FU#35656)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800598 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Array index |CVE-2012-1139 freetype: |error, leading to out-of |Array index error, leading |stack based buffer read by |to out-of stack based |parsing BDF font glyph |buffer read by parsing BDF |information (FU#35656) |font glyph information | |(FU#35656) Alias| |CVE-2012-1139 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:56:36 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800597] CVE-2012-1138 freetype: Out-of heap-based buffer read in the TrueType bytecode interpreter by executing the MIRP instruction (FU#35646)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800597 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1138 freetype: |buffer read in the TrueType |Out-of heap-based buffer |bytecode interpreter by |read in the TrueType |executing the MIRP |bytecode interpreter by |instruction (FU#35646) |executing the MIRP | |instruction (FU#35646) Alias| |CVE-2012-1138 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:56:01 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800595] CVE-2012-1137 freetype: Out-of heap-based buffer read by parsing BDF font header (FU#35643)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800595 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1137 freetype: |buffer read by parsing BDF |Out-of heap-based buffer |font header (FU#35643) |read by parsing BDF font | |header (FU#35643) Alias| |CVE-2012-1137 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:55:33 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800594] CVE-2012-1136 freetype: Out-of heap-based buffer write by parsing BDF glyph and bitmaps information with missing ENCODING field (FU#35641)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800594 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1136 freetype: |buffer write by parsing BDF |Out-of heap-based buffer |glyph and bitmaps |write by parsing BDF glyph |information with missing |and bitmaps information |ENCODING field (FU#35641) |with missing ENCODING field | |(FU#35641) Alias| |CVE-2012-1136 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:54:17 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800593] CVE-2012-1135 freetype: Out-of heap-based buffer read in TrueType bytecode interpreter by executing NPUSHB and NPUSHW instructions (FU#35640)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800593 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1135 freetype: |buffer read in TrueType |Out-of heap-based buffer |bytecode interpreter by |read in TrueType bytecode |executing NPUSHB and NPUSHW |interpreter by executing |instructions (FU#35640) |NPUSHB and NPUSHW | |instructions (FU#35640) Alias| |CVE-2012-1135 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:53:21 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800592] CVE-2012-1134 freetype: Out-of heap-based buffer write in Type1 font parser by retrieving font's private dictionary (FU#35608)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800592 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype: Out-of heap-based |CVE-2012-1134 freetype: |buffer write in Type1 font |Out-of heap-based buffer |parser by retrieving font's |write in Type1 font parser |private dictionary |by retrieving font's |(FU#35608) |private dictionary | |(FU#35608) Alias| |CVE-2012-1134 --- Comment #1 from Kurt Seifried <kseifried(a)redhat.com> 2012-03-06 15:52:52 EST --- Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs March 2012