[Bug 800591] CVE-2012-1133 freetype: heap buffer underflow in BDF parser _bdf_parse_glyphs() (#35607)

bugzilla at redhat.com bugzilla at redhat.com
Thu Mar 15 20:43:54 UTC 2012


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=800591

Tomas Hoger <thoger at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2012-1133 freetype:     |CVE-2012-1133 freetype:
                   |Out-of heap-based buffer    |heap buffer underflow in
                   |write by parsing BDF glyph  |BDF parser
                   |information and bitmaps     |_bdf_parse_glyphs()
                   |(FU#35607)                  |(#35607)
  Status Whiteboard|impact=important,public=201 |impact=important,public=201
                   |20223,reported=20120302,sou |20223,reported=20120302,sou
                   |rce=google,cvss2=6.8/AV:N/A |rce=secalert,cvss2=6.8/AV:N
                   |C:M/Au:N/C:P/I:P/A:P,rhel-5 |/AC:M/Au:N/C:P/I:P/A:P,rhel
                   |/freetype=notaffected,rhel- |-5/freetype=new,rhel-6/free
                   |6/freetype=notaffected,fedo |type=new,fedora-all/freetyp
                   |ra-all/freetype=affected    |e=affected,fedora-all/mingw
                   |                            |32-freetype=affected

--- Comment #7 from Tomas Hoger <thoger at redhat.com> 2012-03-15 16:43:51 EDT ---
This problem is triggered by a negative value of the glyph's ENCODING parameter
and can cause freetype to index glyphs array (an array of bdf_glyph_t) using
index -1.  The glyph structure is both read and written to.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the fonts-bugs mailing list