https://bugzilla.redhat.com/show_bug.cgi?id=1262373
Bug ID: 1262373
Summary: freetype: Use of uninitialized memory
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: behdad@fedoraproject.org, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, fonts-bugs@lists.fedoraproject.org, kevin@tigcc.ticalc.org, lfarkas@lfarkas.org, mkasik@redhat.com, rjones@redhat.com
Three use-of-uninitialized conditions were found in psobjs.c in ps_parser_load_field, in t42parse.c in t42_parse_font_matrix and in t1load.c in t1_parse_font_matrix.
Upstream bug:
https://savannah.nongnu.org/bugs/?41309
Upstream patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e...
CVE request:
http://seclists.org/oss-sec/2015/q3/537
Adam Mariš amaris@redhat.com changed:
What   | Removed | Added
-------+---------+--------
Blocks |         | 1262375
Adam Mariš amaris@redhat.com changed:
What       | Removed | Added
-----------+---------+--------
Depends On |         | 1262384
Depends On |         | 1262385
Depends On |         | 1262386
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1262384]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1262384 [Bug 1262384] freetype: Use of uninitialized memory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1262385 [Bug 1262385] mingw-freetype: freetype: Use of uninitialized memory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1262386 [Bug 1262386] mingw-freetype: freetype: Use of uninitialized memory [epel-7]
--- Comment #2 from Adam Mariš amaris@redhat.com ---
Created mingw-freetype tracking bugs for this issue:
Affects: fedora-all [bug 1262385]
Affects: epel-7 [bug 1262386]
--- Comment #3 from Marek Kašík mkasik@redhat.com ---
It seems to me that this is already fixed in all maintained versions of Fedora. Check it please.
--- Comment #4 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
Upstream freetype git suggests that this issue was addressed in freetype-2.5.3.
Therefore this issue is already fixed in all the maintained versions of Fedora.
Bug 1262373 depends on bug 1262384, which changed state.
Bug 1262384 Summary: freetype: Use of uninitialized memory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1262384
What       | Removed | Added
-----------+---------+--------
Status     | NEW     | CLOSED
Resolution | ---     | NOTABUG
Bug 1262373 depends on bug 1262385, which changed state.
Bug 1262385 Summary: mingw-freetype: freetype: Use of uninitialized memory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1262385
What       | Removed | Added
-----------+---------+--------
Status     | NEW     | CLOSED
Resolution | ---     | NOTABUG
Bug 1262373 depends on bug 1262386, which changed state.
Bug 1262386 Summary: mingw-freetype: freetype: Use of uninitialized memory [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1262386
What       | Removed | Added
-----------+---------+--------
Status     | NEW     | CLOSED
Resolution | ---     | NOTABUG
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20140122,reported=20150911,source=internet,rhel-5/freetype=affected,rhel-6/freetype=affected,rhel-7/freetype=affected,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Added: impact=low,public=20140122,reported=20150911,source=internet,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What        | Removed | Added
------------+---------+---------------------
Status      | NEW     | CLOSED
Resolution  | ---     | WONTFIX
Last Closed |         | 2015-09-14 01:56:10
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20140122,reported=20150911,source=internet,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected
Added: impact=low,public=20140122,reported=20150911,source=internet,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,fedora-all/freetype=notaffected,fedora-all/mingw-freetype=notaffected,epel-7/mingw-freetype=notaffected
Adam Mariš amaris@redhat.com changed:
What    | Removed                               | Added
--------+---------------------------------------+-------------------------------------------------------------------
Summary | freetype: Use of uninitialized memory | CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory
Alias   |                                       | CVE-2014-9746, CVE-2014-9747
--- Comment #6 from Adam Mariš amaris@redhat.com ---
CVE-2014-9746 is for accessing uninitialized memory issues
CVE-2014-9747 is for the fix for CWE-372 ("Incomplete Internal State Distinction") issue in the sense that the possibility of immediates-only mode isn't checked (in t42parse.c)
Adam Mariš amaris@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20140122,reported=20150911,source=internet,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,fedora-all/freetype=notaffected,fedora-all/mingw-freetype=notaffected,epel-7/mingw-freetype=notaffected
Added: impact=low,public=20140122,reported=20150911,source=internet,cvss2=2.1/AV:L/AC:L/Au:N/C:N/I:N/A:P,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,fedora-all/freetype=notaffected,fedora-all/mingw-freetype=notaffected,epel-7/mingw-freetype=notaffected