https://bugzilla.redhat.com/show_bug.cgi?id=1446500
Bug ID: 1446500
Summary: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: behdad@fedoraproject.org, bmcclain@redhat.com, cfergeau@redhat.com, dblechte@redhat.com, eedri@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, fonts-bugs@lists.fedoraproject.org, gklein@redhat.com, kevin@tigcc.ticalc.org, lsurette@redhat.com, mgoldboi@redhat.com, michal.skrivanek@redhat.com, mkasik@redhat.com, rbalakri@redhat.com, rh-spice-bugs@redhat.com, rjones@redhat.com, sherold@redhat.com, srevivo@redhat.com, ydary@redhat.com, ykaul@redhat.com
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48e...
Adam Mariš amaris@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1446503, 1446501, 1446502
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1446501]
Created mingw-freetype tracking bugs for this issue:
Affects: epel-7 [bug 1446503]
Affects: fedora-all [bug 1446502]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1446501
[Bug 1446501] CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446502
[Bug 1446502] CVE-2017-8105 mingw-freetype: freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446503
[Bug 1446503] CVE-2017-8105 mingw-freetype: freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings [epel-7]
Adam Mariš amaris@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1446505
Blocks |        |1446078
Bug 1446500 depends on bug 1446501, which changed state.

Bug 1446501 Summary: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446501

What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Stefan Cornelius scorneli@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20170324,reported=20170424,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Added: impact=moderate,public=20170324,reported=20170424,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=affected,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Stefan Cornelius scorneli@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Last Closed |        |2017-08-22 05:07:35

What: Whiteboard
Removed: impact=moderate,public=20170324,reported=20170424,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=affected,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Added: impact=moderate,public=20170324,reported=20170424,source=cve,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-122,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=wontfix,rhev-m-3/mingw-virt-viewer=new,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
--- Comment #3 from Stefan Cornelius scorneli@redhat.com ---
Statement:
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Bug 1446500 depends on bug 1446502, which changed state.

Bug 1446502 Summary: CVE-2017-8105 mingw-freetype: freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1446502

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |WONTFIX