11:58 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Bug ID: 1890210
Summary: CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
erack(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org,
gecko-bugs-nobody(a)redhat.com, gghezzo(a)redhat.com,
gnome-sig(a)lists.fedoraproject.org, gparvin(a)redhat.com,
jhorak(a)redhat.com, john.j5live(a)gmail.com,
jramanat(a)redhat.com, jweiser(a)redhat.com,
kevin(a)tigcc.ticalc.org, mclasen(a)redhat.com,
mkasik(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
scorneli(a)redhat.com, stcannon(a)redhat.com,
stransky(a)redhat.com, thee(a)redhat.com,
tpopela(a)redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in freetype in the way it processes PNG images embedded into
fonts. A crafted TTF file can lead to heap-based buffer overflow due to integer
truncation in Load_SBit_Png function.
Reference:
https://savannah.nongnu.org/bugs/?59308
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab...
--
You are receiving this mail because:
You are on the CC list for the bug.
11:58 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Guilherme de Almeida Suckevicz <gsuckevi(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1890211
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1890211
[Bug 1890211] CVE-2020-15999 freetype: heap-based buffer overflow via malformed
ttf files [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
11:58 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Guilherme de Almeida Suckevicz <gsuckevi(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1890212
--- Comment #1 from Guilherme de Almeida Suckevicz <gsuckevi(a)redhat.com> ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1890211]
--
You are receiving this mail because:
You are on the CC list for the bug.
7:12 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(erack(a)redhat.com)
--
You are receiving this mail because:
You are on the CC list for the bug.
7:30 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Eike Rathke <erack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(erack(a)redhat.com) |
--
You are receiving this mail because:
You are on the CC list for the bug.
8:01 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Bug 1890210 depends on bug 1890211, which changed state.
Bug 1890211 Summary: CVE-2020-15999 freetype: heap-based buffer overflow via malformed ttf
files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1890211
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
4:27 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1890271
--
You are receiving this mail because:
You are on the CC list for the bug.
3:07 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #6 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:4351 https://access.redhat.com/errata/RHSA-2020:4351
--
You are receiving this mail because:
You are on the CC list for the bug.
3:07 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:4351
--
You are receiving this mail because:
You are on the CC list for the bug.
3:21 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |ERRATA
Last Closed| |2020-10-26 20:21:20
--- Comment #7 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-15999
--
You are receiving this mail because:
You are on the CC list for the bug.
4:04 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Todd Cullum <tcullum(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |NEW
Resolution|ERRATA |---
Keywords| |Reopened
--
You are receiving this mail because:
You are on the CC list for the bug.
5:02 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Todd Cullum <tcullum(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Severity|medium |high
--
You are receiving this mail because:
You are on the CC list for the bug.
5:31 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Todd Cullum <tcullum(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1891635
--
You are receiving this mail because:
You are on the CC list for the bug.
5:57 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Doc Text *updated* by Todd Cullum <tcullum(a)redhat.com> ---
A heap buffer overflow leading to out-of-bounds write was found in freetype. A memory
allocation based on truncated PNG width and height values, allows for an out-of-bounds
write to occur in application memory when an attacker supplies a specially crafted TTF
file. The greatest risk is to availability with some potential risk to integrity and
confidentiality as well.
--
You are receiving this mail because:
You are on the CC list for the bug.
9:21 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |ERRATA
Last Closed|2020-10-26 20:21:20 |2020-10-27 02:21:15
--- Comment #11 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-15999
--
You are receiving this mail because:
You are on the CC list for the bug.
11:15 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Todd Cullum <tcullum(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1891902, 1891905, 1891904,
| |1891906, 1891903
--
You are receiving this mail because:
You are on the CC list for the bug.
11:34 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #13 from Todd Cullum <tcullum(a)redhat.com> ---
Statement:
Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6,
bundle a version (2.4.11) of freetype in gtk3-private, the version is not
affected by this flaw because the vulnerable code was introduced in a
subsequent version of freetype.
--
You are receiving this mail because:
You are on the CC list for the bug.
11:38 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #14 from Todd Cullum <tcullum(a)redhat.com> ---
Statement:
Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6,
bundle a version (2.4.11) of freetype in gtk3-private, the version is not
affected by this flaw because the vulnerable code was introduced in a
subsequent version of freetype. The freetype package shipped with Red Hat
Enterprise Linux 5 and 6 is not affected as the vulnerable code was introduced
in a subsequent version of freetype.
go-freetype as shipped with Red Hat Advanced Cluster Management for Kubernetes
is not affected by this flaw because it ships a pure go implementation of
freetype which does not include the vulnerable code.
--
You are receiving this mail because:
You are on the CC list for the bug.
12:35 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #15 from Todd Cullum <tcullum(a)redhat.com> ---
Mitigation:
Mitigation for this issue is either not available or the currently available
options do not meet the Red Hat Product Security criteria comprising ease of
use and deployment, applicability to widespread installation base or stability.
--
You are receiving this mail because:
You are on the CC list for the bug.
1:30 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Todd Cullum <tcullum(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version| |freetype 2.10.4
--
You are receiving this mail because:
You are on the CC list for the bug.
8:20 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #36 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4907 https://access.redhat.com/errata/RHSA-2020:4907
--
You are receiving this mail because:
You are on the CC list for the bug.
8:20 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:4907
--
You are receiving this mail because:
You are on the CC list for the bug.
7:07 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4940
--
You are receiving this mail because:
You are on the CC list for the bug.
7:16 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4941
--
You are receiving this mail because:
You are on the CC list for the bug.
7:18 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4942
--
You are receiving this mail because:
You are on the CC list for the bug.
7:21 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4943
--
You are receiving this mail because:
You are on the CC list for the bug.
2:38 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #54 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:4949 https://access.redhat.com/errata/RHSA-2020:4949
--
You are receiving this mail because:
You are on the CC list for the bug.
2:38 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:4949
--
You are receiving this mail because:
You are on the CC list for the bug.
2:46 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #55 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2020:4950 https://access.redhat.com/errata/RHSA-2020:4950
--
You are receiving this mail because:
You are on the CC list for the bug.
2:46 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:4950
--
You are receiving this mail because:
You are on the CC list for the bug.
2:51 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #56 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:4952 https://access.redhat.com/errata/RHSA-2020:4952
--
You are receiving this mail because:
You are on the CC list for the bug.
2:56 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #57 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2020:4951 https://access.redhat.com/errata/RHSA-2020:4951
--
You are receiving this mail because:
You are on the CC list for the bug.
2:56 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:4951
--
You are receiving this mail because:
You are on the CC list for the bug.
8:14 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4957
--
You are receiving this mail because:
You are on the CC list for the bug.
7:03 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4980
--
You are receiving this mail because:
You are on the CC list for the bug.
7:07 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4979
--
You are receiving this mail because:
You are on the CC list for the bug.
7:08 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4977
--
You are receiving this mail because:
You are on the CC list for the bug.
8:43 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4981
--
You are receiving this mail because:
You are on the CC list for the bug.
8:48 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4983
--
You are receiving this mail because:
You are on the CC list for the bug.
8:49 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4984
--
You are receiving this mail because:
You are on the CC list for the bug.
8:53 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4985
--
You are receiving this mail because:
You are on the CC list for the bug.
12:38 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:4986
--
You are receiving this mail because:
You are on the CC list for the bug.
12:32 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5094
--
You are receiving this mail because:
You are on the CC list for the bug.
9:54 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5105
--
You are receiving this mail because:
You are on the CC list for the bug.
8:07 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5114
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895993
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895994
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895995
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895996
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895997
--
You are receiving this mail because:
You are on the CC list for the bug.
6:44 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895998
--
You are receiving this mail because:
You are on the CC list for the bug.
6:45 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1895999
--
You are receiving this mail because:
You are on the CC list for the bug.
6:49 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895993 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895994 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895995 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895996 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895997 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895998 |
--
You are receiving this mail because:
You are on the CC list for the bug.
6:50 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On|1895999 |
--
You are receiving this mail because:
You are on the CC list for the bug.
7:59 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5244
--
You are receiving this mail because:
You are on the CC list for the bug.
8:36 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5303
--
You are receiving this mail because:
You are on the CC list for the bug.
9:20 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5331
--
You are receiving this mail because:
You are on the CC list for the bug.
9:08 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5335
--
You are receiving this mail because:
You are on the CC list for the bug.
2:42 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2020:5347
--
You are receiving this mail because:
You are on the CC list for the bug.
7:58 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHBA-2021:0012
--
You are receiving this mail because:
You are on the CC list for the bug.
7:42 a.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> ---
A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory
allocation based on truncated PNG width and height values allows for an out-of-bounds
write to occur in application memory when an attacker supplies a specially crafted TTF
file.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
1:59 p.m.
New subject: [Bug 1890210] CVE-2020-15999 freetype: Heap-based buffer overflow
due to integer truncation in Load_SBit_Png
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2048292
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
817
days inactive
1283
days old
fonts-bugs@lists.fedoraproject.org
66 comments
1 participants
participants (1)
-
bugzilla@redhat.com