Bug 2186428 (CVE-2023-2004)

Summary: CVE-2023-2004 freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, aoconnor, apodtele, bdettelb, caswilli, chazlett, crarobin, dffrench, dfitzmau, dfreiber, dkuc, fjansen, gzaronik, hbraun, hkataria, jburrell, jdowland, jmadigan, jsherril, jvanek, kaycoth, kshier, micjohns, mkasik, neugens, ngough, pamccart, pjindal, rgodfrey, rh-spice-bugs, rogbas, sraghupu, sthirugn, tkasparek, tmeszaro, vkumar
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freetype 2.13.0 Doc Type: If docs needed, set a value
Doc Text:
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. This flaw causes an application to crash or leads to a denial of service.
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-23 03:24:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2186430, 2186431, 2186432, 2186433, 2186434, 2186435, 2186436, 2186437, 2187207, 2187208, 2187209, 2187210, 2187211, 2187212, 2187213, 2187214    
Bug Blocks: 2143405    

Description TEJ RATHI 2023-04-13 09:27:23 UTC
Freetype: Integer overflow in src/truetype/ttgxvar.c (tt_hvadvance_adjust): 

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611

Comment 1 TEJ RATHI 2023-04-13 09:33:30 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2186431]
Affects: fedora-all [bug 2186433]


Created freetype tracking bugs for this issue:

Affects: fedora-all [bug 2186430]


Created java-11-openjdk tracking bugs for this issue:

Affects: fedora-all [bug 2186434]


Created java-17-openjdk tracking bugs for this issue:

Affects: fedora-all [bug 2186435]


Created java-latest-openjdk tracking bugs for this issue:

Affects: epel-all [bug 2186432]
Affects: fedora-all [bug 2186436]


Created mingw-freetype tracking bugs for this issue:

Affects: fedora-all [bug 2186437]

Comment 2 Product Security DevOps Team 2023-04-13 14:06:16 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Comment 11 errata-xmlrpc 2023-10-18 16:22:27 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.21

Via RHSA-2023:5734 https://access.redhat.com/errata/RHSA-2023:5734

Comment 12 errata-xmlrpc 2023-10-18 16:22:34 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.9

Via RHSA-2023:5745 https://access.redhat.com/errata/RHSA-2023:5745

Comment 17 ronaldfarrar 2024-06-05 07:40:41 UTC Comment hidden (spam)