https://bugzilla.redhat.com/show_bug.cgi?id=1446073
Bug ID: 1446073
Summary: CVE-2017-8287 freetype: heap-based buffer overflow related to the t1_builder_close_contour function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: behdad@fedoraproject.org, bmcclain@redhat.com, cfergeau@redhat.com, dblechte@redhat.com, eedri@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, fonts-bugs@lists.fedoraproject.org, gklein@redhat.com, kevin@tigcc.ticalc.org, lsurette@redhat.com, mgoldboi@redhat.com, michal.skrivanek@redhat.com, mkasik@redhat.com, rbalakri@redhat.com, rh-spice-bugs@redhat.com, rjones@redhat.com, sherold@redhat.com, srevivo@redhat.com, ydary@redhat.com, ykaul@redhat.com
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08...
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
Adam Mariš amaris@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1446074, 1446075, 1446076

--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1446074]
Created mingw-freetype tracking bugs for this issue:
Affects: epel-7 [bug 1446076]
Affects: fedora-all [bug 1446075]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1446074
[Bug 1446074] CVE-2017-8287 freetype: heap-based buffer overflow related to the t1_builder_close_contour function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446075
[Bug 1446075] CVE-2017-8287 mingw-freetype: freetype: heap-based buffer overflow related to the t1_builder_close_contour function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446076
[Bug 1446076] CVE-2017-8287 mingw-freetype: freetype: heap-based buffer overflow related to the t1_builder_close_contour function [epel-7]
Adam Mariš amaris@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1446078
Slawomir Czarko slawomir@ezono.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |slawomir@ezono.com

Bug 1446073 depends on bug 1446074, which changed state.
Bug 1446074 Summary: CVE-2017-8287 freetype: heap-based buffer overflow related to the t1_builder_close_contour function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446074

What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Stefan Cornelius scorneli@redhat.com changed:
Whiteboard
  Removed: impact=moderate,public=20170326,reported=20170427,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
  Added:   impact=moderate,public=20170326,reported=20170427,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=affected,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Stefan Cornelius scorneli@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Last Closed |        |2017-08-22 05:07:34

Whiteboard
  Removed: impact=moderate,public=20170326,reported=20170427,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=affected,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
  Added:   impact=moderate,public=20170326,reported=20170427,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=wontfix,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected

--- Comment #3 from Stefan Cornelius scorneli@redhat.com ---
Statement:
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.