Bug 1191095 (CVE-2014-9672)

Summary: CVE-2014-9672 freetype: Array index error in the parse_fond function in base/ftmac.c
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: behdad, fonts-bugs, kevin, mkasik
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freetype 2.5.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-23 19:43:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1191102    

Description Vasyl Kaigorodov 2015-02-10 12:52:46 UTC 
Common Vulnerabilities and Exposures assigned CVE-2014-9672 to the following issue:

Array index error in the parse_fond function in base/ftmac.c in FreeType before
2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read)
or obtain sensitive information from process memory via a crafted FOND resource
in a Mac font file.

http://code.google.com/p/google-security-research/issues/detail?id=155
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
Comment 1 Tomas Hoger 2015-02-23 19:43:43 UTC 
Upstream bug is:
https://savannah.nongnu.org/bugs/?43540

It remains non-public to date.

Issue was fixed upstream in 2.5.4.

Affected code is not built and used in freetype packages in Red Hat Enterprise Linux and Fedora.  The code is only used on MacOS platform.

Statement:

Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.