https://bugzilla.redhat.com/show_bug.cgi?id=1429965
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status |NEW |CLOSED
Resolution |--- |WONTFIX
Whiteboard |impact=moderate,public=20160825,reported=20170306,source=cve,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new,rhev-m-3/mingw-virt-viewer=new |impact=moderate,public=20160825,reported=20170306,source=cve,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected,rhel-5/freetype=wontfix,rhel-6/freetype=wontfix,rhel-7/freetype=wontfix,rhev-m-3/mingw-virt-viewer=wontfix
Last Closed | |2017-03-23 01:50:59
--- Comment #2 from Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> ---
Analysis:
As per the patch, seems to be an OOB read, causing a crash. I don't have access
to the reproducer, but seems all versions of freetype shipped with Red Hat
Enterprise Linux are affected.