Bug 611927
Summary: | freetype: write to non-mapped memory in base/ftojbs.c:1563 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | behdad, bressers, fonts-bugs, kevin, mkasik, osoukup |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-07-07 17:45:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vincent Danen
2010-07-06 21:08:03 UTC
There is actually 21 crashes reported upstream: http://savannah.nongnu.org/bugs/index.php?go_report=Apply&group=freetype&func=browse&set=custom&msort=0&report_id=100&advsrch=0&status_id=0&resolution_id=0&assigned_to=0&bug_group_id=0&history_search=0&history_field=0&history_event=modified&history_date_dayfd=2&history_date_monthfd=7&history_date_yearfd=2010&chunksz=50&spamscore=5&boxoptionwanted=1#options Roughly half of these are NULL pointer derefs or stack exhaustion. This bug, and bug 30083, were noted as being higher risk. I'm going to close this bug and file individual bugs for each freetype flaw found (there are several) |