[Bug 1191081] New: CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
6:50 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Bug ID: 1191081
Summary: CVE-2014-9659 freetype: stack-based buffer overflow in
cff/cf2intrp.c in the CFF CharString interpreter
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9659 to the following
issue:
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4
proceeds with additional hints after the hint mask has been computed, which
allows remote attackers to execute arbitrary code or cause a denial of service
(stack-based buffer overflow) via a crafted OpenType font. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2014-2240.
http://code.google.com/p/google-security-research/issues/detail?id=190
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc45...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=1BW2tI8gZz&a=cc_unsubscribe
6:55 a.m.
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Vasyl Kaigorodov <vkaigoro(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1191099
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1191099
[Bug 1191099] CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 freetype: various
flaws [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=YyRP2e2TRm&a=cc_unsubscribe
6:55 a.m.
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
--- Comment #1 from Vasyl Kaigorodov <vkaigoro(a)redhat.com> ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1191099]
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=xFRRC5HJA5&a=cc_unsubscribe
7 a.m.
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Vasyl Kaigorodov <vkaigoro(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1191102
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=7q4gEikKxZ&a=cc_unsubscribe
noon
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Bug 1191081 depends on bug 1191099, which changed state.
Bug 1191099 Summary: CVE-2014-9656 CVE-2014-9657 CVE-2014-9661 CVE-2014-9660 CVE-2014-9667
CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9669 CVE-2014-9668 CVE-2014-9662
CVE-2014-9658 CVE-2014-9659 CVE-2014-9663 CVE-2014-9670 freetype: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1191099
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=1yI3Zq6P7g&a=cc_unsubscribe
noon
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
--- Comment #2 from Fedora Update System <updates(a)fedoraproject.org> ---
freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If
problems still persist, please make note of it in this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=Rc1129Utc6&a=cc_unsubscribe
4:04 p.m.
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Status|NEW |CLOSED
Fixed In Version| |freetype 2.5.4
Resolution|--- |NOTABUG
Whiteboard|impact=moderate,public=2014 |impact=important,public=201
|1124,reported=20150210,sour |41124,reported=20150210,sou
|ce=cve,cvss2=3.7/AV:L/AC:H/ |rce=cve,cvss2=6.8/AV:N/AC:M
|Au:N/C:P/I:P/A:P,fedora-all |/Au:N/C:P/I:P/A:P,rhel-4/fr
|/freetype=affected,rhel-5/f |eetype=notaffected,rhel-5/f
|reetype=new,rhel-6/freetype |reetype=notaffected,rhel-6/
|=new,rhel-7/freetype=new |freetype=notaffected,rhel-7
| |/freetype=notaffected,rhev-
| |m-3/mingw-virt-viewer=notaf
| |fected,fedora-all/freetype=
| |affected,fedora-all/mingw-f
| |reetype=affected,epel-7/min
| |gw-freetype=affected
Severity|medium |high
Last Closed| |2015-02-19 17:04:40
--- Comment #3 from Tomas Hoger <thoger(a)redhat.com> ---
Upstream bug is:
https://savannah.nongnu.org/bugs/?43661
Issue was fixed upstream in 2.5.4.
Report indicates this is issue is an incomplete fix / variant of the
CVE-2014-2240 issue (bug 1074646). It affect code which was introduced in
upstream version 2.4.12, and enabled by default in 2.5. The affected code is
not in freetype packages in Red Hat Enterprise Linux 7 and earlier.
Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=fxqvwlT1s1&a=cc_unsubscribe
1:57 a.m.
New subject: [Bug 1191081] CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jrusnack(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|41124,reported=20150210,sou |41124,reported=20150210,sou
|rce=cve,cvss2=6.8/AV:N/AC:M |rce=cve,cvss2=6.8/AV:N/AC:M
|/Au:N/C:P/I:P/A:P,rhel-4/fr |/Au:N/C:P/I:P/A:P,rhel-4/fr
|eetype=notaffected,rhel-5/f |eetype=notaffected,rhel-5/f
|reetype=notaffected,rhel-6/ |reetype=notaffected,rhel-6/
|freetype=notaffected,rhel-7 |freetype=notaffected,rhel-7
|/freetype=notaffected,rhev- |/freetype=notaffected,rhev-
|m-3/mingw-virt-viewer=notaf |m-3/mingw-virt-viewer=notaf
|fected,fedora-all/freetype= |fected,fedora-all/freetype=
|affected,fedora-all/mingw-f |affected,fedora-all/mingw-f
|reetype=affected,epel-7/min |reetype=affected,epel-7/min
|gw-freetype=affected |gw-freetype=affected,cwe=CW
| |E-121
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=Q9Iq8ND6ee&a=cc_unsubscribe
3398
days inactive
3408
days old
fonts-bugs@lists.fedoraproject.org
7 comments
1 participants
participants (1)
-
Red Hat Bugzilla