[Bug 1444911] New: CVE-2017-7864 freetype: heap-based buffer overflow related to the tt_size_reset function
9:24 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Bug ID: 1444911
Summary: CVE-2017-7864 freetype: heap-based buffer overflow
related to the tt_size_reset function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based
buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699...
--
You are receiving this mail because:
You are on the CC list for the bug.
9:29 a.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1444917, 1444915, 1444916
--- Comment #1 from Adam Mariš <amaris(a)redhat.com> ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1444917]
Created mingw-freetype tracking bugs for this issue:
Affects: epel-7 [bug 1444915]
Affects: fedora-all [bug 1444916]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1444915
[Bug 1444915] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
[Bug 1444916] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
[Bug 1444917] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
freetype: various flaws [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
8:30 a.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1444919
Norman Sardella <sardella(a)comcast.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sardella(a)comcast.net
--
You are receiving this mail because:
You are on the CC list for the bug.
11:29 a.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
--- Comment #2 from Marek Kašík <mkasik(a)redhat.com> ---
This is the same case as #1444898 and #1444904. I can reliably reproduce the
issue with the "regressed" commit from the original report but not with any
freetype we distribute in Fedora.
--
You are receiving this mail because:
You are on the CC list for the bug.
11:45 a.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Bug 1444911 depends on bug 1444917, which changed state.
Bug 1444917 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 freetype:
various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
--
You are receiving this mail because:
You are on the CC list for the bug.
11:53 p.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
Whiteboard|impact=moderate,public=2017 |impact=moderate,public=2017
|0202,reported=20170414,sour |0202,reported=20170414,sour
|ce=cve,cvss3=7.8/CVSS:3.0/A |ce=cve,cvss3=7.8/CVSS:3.0/A
|V:L/AC:L/PR:N/UI:R/S:U/C:H/ |V:L/AC:L/PR:N/UI:R/S:U/C:H/
|I:H/A:H,cwe=CWE-122,rhel-5/ |I:H/A:H,cwe=CWE-122,rhel-5/
|freetype=new,rhel-6/freetyp |freetype=notaffected,rhel-6
|e=new,rhel-7/freetype=new,r |/freetype=notaffected,rhel-
|hev-m-3/mingw-virt-viewer=n |7/freetype=notaffected,rhev
|ew,fedora-all/freetype=affe |-m-3/mingw-virt-viewer=nota
|cted,fedora-all/mingw-freet |ffected,fedora-all/freetype
|ype=affected,epel-7/mingw-f |=notaffected,fedora-all/min
|reetype=affected |gw-freetype=notaffected,epe
| |l-7/mingw-freetype=notaffec
| |ted
Last Closed| |2017-06-29 00:53:12
--
You are receiving this mail because:
You are on the CC list for the bug.
4:32 a.m.
New subject: [Bug 1444911] CVE-2017-7864 freetype:
heap-based buffer overflow related to the tt_size_reset function
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
Bug 1444911 depends on bug 1444916, which changed state.
Bug 1444916 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
2165
days inactive
2567
days old
fonts-bugs@lists.fedoraproject.org
6 comments
1 participants
participants (1)
-
bugzilla@redhat.com