https://bugzilla.redhat.com/show_bug.cgi?id=1652081
Bug ID: 1652081
Summary: CVE-2015-9274 harfbuzz: DoS due to GPOS and GSUB table mishandling
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: lpardo(a)redhat.com
CC: abhgupta(a)redhat.com, caolanm(a)redhat.com,
dbaker(a)redhat.com, eng-i18n-bugs(a)redhat.com,
erack(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
gecko-bugs-nobody(a)redhat.com,
i18n-bugs(a)lists.fedoraproject.org, jhorak(a)redhat.com,
jokerman(a)redhat.com, klember(a)redhat.com,
moceap(a)hotmail.com, pnemade(a)redhat.com,
psatpute(a)redhat.com, rh-spice-bugs(a)redhat.com,
sthangav(a)redhat.com, stransky(a)redhat.com,
trankin(a)redhat.com, tuxator(a)o2.pl
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service
(invalid read of two bytes and application crash) because of GPOS and GSUB
table mishandling, related to hb-ot-layout-gpos-table.hh,
hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
References:
https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673...