[Bug 800587] CVE-2012-1130 freetype: heap buffer over-read PCF parser pcf_get_properties() (#35603)

bugzilla at redhat.com
Thu Mar 15 16:37:56 UTC 2012


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=800587

Tomas Hoger <thoger at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2012-1130 freetype:     |CVE-2012-1130 freetype:
                   |Out-of heap-based buffer    |heap buffer over-read PCF
                   |read by loading properties  |parser pcf_get_properties()
                   |of PCF fonts (FU#35603)     |(#35603)
  Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
                   |reported=20120302,source=go |reported=20120302,source=se
                   |ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=4.3/AV:N/AC:M/
                   |:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre
                   |ype=affected,rhel-6/freetyp |etype=affected,rhel-6/freet
                   |e=affected,fedora-all/freet |ype=affected,fedora-all/fre
                   |ype=affected                |etype=affected,fedora-all/m
                   |                            |ingw32-freetype=affected

--- Comment #7 from Tomas Hoger <thoger at redhat.com> 2012-03-15 12:37:55 EDT ---
The problem here is in pcf_get_properties(), which does not ensure that a
string read from PCF font file is properly NUL terminated before passing it to
strdup. This may possibly cause a program crash.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
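
Added example, not part of the original mail and not FreeType's code or the upstream fix: one way to check that a string taken from a file-supplied string pool is NUL terminated inside the buffer before duplicating it, the check comment #7 says is missing. The helper name, its parameters and the sample pool are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a string pool as it might be read from a file.
 * The first entry is terminated, the last one ("ABC") is not. */
static const unsigned char SAMPLE_POOL[] = {
    'F', 'O', 'N', 'T', '\0', 'A', 'B', 'C'
};

/* Hypothetical helper (not FreeType code): duplicate the string starting at
 * `offset` in a pool of `pool_size` bytes. Returns NULL when the offset is
 * out of range, when no NUL exists before the end of the pool, or when
 * allocation fails. Caller frees the result. */
char *pool_strdup_checked(const unsigned char *pool, size_t pool_size,
                          size_t offset)
{
    const unsigned char *start, *nul;
    size_t len;
    char *copy;

    if (pool == NULL || offset >= pool_size)
        return NULL;

    start = pool + offset;
    /* Search for the terminator only inside the bytes we actually own. */
    nul = memchr(start, '\0', pool_size - offset);
    if (nul == NULL)
        return NULL;  /* unterminated: strdup() here would read past the pool */

    len = (size_t)(nul - start);
    copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, start, len + 1);  /* includes the NUL found above */
    return copy;
}

int main(void)
{
    size_t offsets[] = { 0, 4, 5, 8 };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        char *s = pool_strdup_checked(SAMPLE_POOL, sizeof SAMPLE_POOL, offsets[i]);
        printf("offset %zu: %s\n", offsets[i], s ? s : "(rejected)");
        free(s);
    }
    return 0;
}
```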

