https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Bug ID: 1752788 Summary: CVE-2015-9381 freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mrehak@redhat.com CC: ajax@redhat.com, caillon+fedoraproject@gmail.com, fonts-bugs@lists.fedoraproject.org, gnome-sig@lists.fedoraproject.org, john.j5live@gmail.com, kevin@tigcc.ticalc.org, mclasen@redhat.com, mkasik@redhat.com, rhughes@redhat.com, rstrode@redhat.com, sandmann@redhat.com Target Milestone: --- Classification: Other
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
--- Comment #1 from Marian Rehak mrehak@redhat.com --- Upstream patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1p...
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Marian Rehak mrehak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1752789
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
--- Comment #2 from Huzaifa S. Sidhpurwala huzaifas@redhat.com --- Upstream bug (along with reproducer) at: https://savannah.nongnu.org/bugs/?45955
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1758402
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
--- Comment #5 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2019:4254 https://access.redhat.com/errata/RHSA-2019:4254
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2019:4254
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |ERRATA Last Closed| |2019-12-17 14:09:23
--- Comment #6 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2015-9381
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
--- Doc Text *updated* by Eric Christensen sparks@redhat.com --- A heap-based buffer overflow flaw was found in FreeType prior to version 2.6.1.
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Marian Rehak mrehak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|CVE-2015-9381 freetype: a |CVE-2015-9381 freetype: a |heap-based buffer over-read |heap-based buffer over-read |in T1_Get_Private_Dict in |in T1_Get_Private_Dict in |type1/t1parse.c leading to |type1/t1parse.c leading to |information disclosure |crash
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Marian Rehak mrehak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(mrehak@redhat.com | |) |
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Eric Christensen sparks@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |huzaifas@redhat.com Flags| |needinfo?(huzaifas@redhat.c | |om)
--- Doc Text *updated* --- An out-of-bounds buffer overflow flaw was found in FreeType prior to version 2.6.1.
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(huzaifas@redhat.c | |om) |
https://bugzilla.redhat.com/show_bug.cgi?id=1752788
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1966861
fonts-bugs@lists.fedoraproject.org