Bug 2036820 (CVE-2021-45931)
Summary: | CVE-2021-45931 harfbuzz: out-of-bounds write in hb_bit_set_invertible_t::set | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | bdettelb, caolanm, caswilli, eng-i18n-bugs, erack, erik-fedora, i18n-bugs, jburrell, jhorak, jwong, kaycoth, klember, manisandro, moceap, nobody, pnemade, psatpute, rh-spice-bugs, stransky, tpopela, tuxator |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | harfbuzz 2.9.1 | Doc Type: | If docs needed, set a value |
Doc Text: | An out-of-bounds write flaw was found in HarfBuzz, arising from a boundary error in the hb_bit_set_invertible_t::set() function when processing untrusted input. This flaw allows an attacker to create a specially crafted file, convince the victim to open it, and trigger an out-of-bounds write. In some cases, this issue could lead to the execution of arbitrary code on the target system or, more commonly, result in a denial of service attack. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2022-02-15 07:06:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2036821, 2036822, 2040516, 2040517, 2040518 | | |
Bug Blocks: | 2036823 | | |
Description
Marian Rehak
2022-01-04 06:03:26 UTC
Created harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 2036821]

Created mingw-harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 2036822]

I believe this is https://github.com/harfbuzz/harfbuzz/pull/3162, which is fixed in harfbuzz 2.9.1+

Well, I can rebase harfbuzz to the 2.9.1 version in F35, not the 3.0.0+ versions. The 3.0.0 version created issues in Fedora and some packages need to be fixed manually. But where is a simple reproducer that I can use and then test if the above PR is really a fix?

Yesterday I spent a good amount of time on this CVE issue and concluded that those Fedora/RHEL releases which have only a harfbuzz-2.9.0 build are affected. So actually no Fedora release is affected by this CVE. The code got introduced and fixed between the 2.9.0 and 2.9.1 upstream releases. So this CVE is actually NOTABUG.