[Bug 1444895] New: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function
8:57 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug ID: 1444895
Summary: CVE-2016-10328 freetype: heap-based buffer overflow
related to the cff_parser_run function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based
buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
--
You are receiving this mail because:
You are on the CC list for the bug.
9:28 a.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1444917, 1444915, 1444916
--- Comment #1 from Adam Mariš <amaris(a)redhat.com> ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1444917]
Created mingw-freetype tracking bugs for this issue:
Affects: epel-7 [bug 1444915]
Affects: fedora-all [bug 1444916]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1444915
[Bug 1444915] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
[Bug 1444916] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
[Bug 1444917] CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
freetype: various flaws [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
8:30 a.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1444919
Norman Sardella <sardella(a)comcast.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sardella(a)comcast.net
--
You are receiving this mail because:
You are on the CC list for the bug.
11:43 a.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
--- Comment #2 from Marek Kašík <mkasik(a)redhat.com> ---
I can not reproduce this one too with our freetype versions.
--
You are receiving this mail because:
You are on the CC list for the bug.
11:44 a.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug 1444895 depends on bug 1444917, which changed state.
Bug 1444917 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 freetype:
various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444917
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
--
You are receiving this mail because:
You are on the CC list for the bug.
11:47 p.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
|1223,reported=20170414,sour |1223,reported=20170414,sour
|ce=cve,cvss3=7.8/CVSS:3.0/A |ce=cve,cvss3=7.8/CVSS:3.0/A
|V:L/AC:L/PR:N/UI:R/S:U/C:H/ |V:L/AC:L/PR:N/UI:R/S:U/C:H/
|I:H/A:H,cwe=CWE-122,rhel-5/ |I:H/A:H,cwe=CWE-122,rhel-5/
|freetype=new,rhel-6/freetyp |freetype=notaffected,rhel-6
|e=new,rhel-7/freetype=new,r |/freetype=notaffected,rhel-
|hev-m-3/mingw-virt-viewer=n |7/freetype=notaffected,rhev
|ew,fedora-all/freetype=affe |-m-3/mingw-virt-viewer=nota
|cted,fedora-all/mingw-freet |ffected,fedora-all/freetype
|ype=affected,epel-7/mingw-f |=notaffected,fedora-all/min
|reetype=affected |gw-freetype=notaffected,epe
| |l-7/mingw-freetype=notaffec
| |ted
Last Closed| |2017-06-29 00:47:10
--- Comment #3 from Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> ---
This issue arises due to the following commit:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3bd79c...
Which has not been backported to version of freetype shipped with Red Hat
Enterprise Linux and Fedora, hence these versions are not affected.
Upstream versions may also not be affected, because this was a very short lived
regression.
--
You are receiving this mail because:
You are on the CC list for the bug.
4:32 a.m.
New subject: [Bug 1444895] CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug 1444895 depends on bug 1444916, which changed state.
Bug 1444916 Summary: CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864
mingw-freetype: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1444916
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
2171
days inactive
2573
days old
fonts-bugs@lists.fedoraproject.org
6 comments
1 participants
participants (1)
-
bugzilla@redhat.com