https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug ID: 1444895
Summary: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: behdad@fedoraproject.org, bmcclain@redhat.com, cfergeau@redhat.com, dblechte@redhat.com, eedri@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, fonts-bugs@lists.fedoraproject.org, gklein@redhat.com, kevin@tigcc.ticalc.org, lsurette@redhat.com, mgoldboi@redhat.com, michal.skrivanek@redhat.com, mkasik@redhat.com, rbalakri@redhat.com, rh-spice-bugs@redhat.com, rjones@redhat.com, sherold@redhat.com, srevivo@redhat.com, ydary@redhat.com, ykaul@redhat.com
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
Adam Mariš amaris@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1444917, 1444915, 1444916
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1444917]
Created mingw-freetype tracking bugs for this issue:
Affects: epel-7 [bug 1444915]
Affects: fedora-all [bug 1444916]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1444915
[Bug 1444915] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 mingw-freetype: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
[Bug 1444916] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
[Bug 1444917] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 freetype: various flaws [fedora-all]
Adam Mariš amaris@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1444919
Norman Sardella sardella@comcast.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |sardella@comcast.net
--- Comment #2 from Marek Kašík mkasik@redhat.com ---
I cannot reproduce this one either with our freetype versions.
Bug 1444895 depends on bug 1444917, which changed state.
Bug 1444917 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |NOTABUG
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |NOTABUG
Last Closed |        |2017-06-29 00:47:10

Whiteboard, removed:
impact=moderate,public=20161223,reported=20170414,source=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected

Whiteboard, added:
impact=moderate,public=20161223,reported=20170414,source=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=notaffected,rhev-m-3/mingw-virt-viewer=notaffected,fedora-all/freetype=notaffected,fedora-all/mingw-freetype=notaffected,epel-7/mingw-freetype=notaffected
--- Comment #3 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
This issue arises due to the following commit:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3bd79cc25...
Which has not been backported to the version of freetype shipped with Red Hat Enterprise Linux and Fedora, hence these versions are not affected.
Upstream versions may also not be affected, because this was a very short lived regression.
Bug 1444895 depends on bug 1444916, which changed state.
Bug 1444916 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |WONTFIX