Bug 1262373 (CVE-2014-9746, CVE-2014-9747) - CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory
Summary: CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-9746, CVE-2014-9747
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1262384 1262385 1262386
Blocks: 1262375
TreeView+ depends on / blocked
 
Reported: 2015-09-11 13:50 UTC by Adam Mariš
Modified: 2019-09-29 13:36 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-14 05:56:10 UTC


Attachments (Terms of Use)

Description Adam Mariš 2015-09-11 13:50:17 UTC
Three use-of-uninitialized conditions were found in psobjs.c in ps_parser_load_field, in t42parse.c in 42_parse_font_matrix and in t1load.c in tt1_parse_font_matrix.

Upstream bug:

https://savannah.nongnu.org/bugs/?41309

Upstream patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1

CVE request:

http://seclists.org/oss-sec/2015/q3/537

Comment 1 Adam Mariš 2015-09-11 13:59:04 UTC
Created freetype tracking bugs for this issue:

Affects: fedora-all [bug 1262384]

Comment 2 Adam Mariš 2015-09-11 13:59:07 UTC
Created mingw-freetype tracking bugs for this issue:

Affects: fedora-all [bug 1262385]
Affects: epel-7 [bug 1262386]

Comment 3 Marek Kašík 2015-09-11 14:51:50 UTC
It seems to me that this is already fixed in all maintained versions of Fedora. Check it please.

Comment 4 Huzaifa S. Sidhpurwala 2015-09-14 05:49:47 UTC
Upstream freetype git suggests that this issue was addressed in freetype-2.5.3.

Therefore this issue is already fixed in all the maintained versions of Fedora.

Comment 6 Adam Mariš 2015-09-29 09:18:52 UTC
CVE-2014-9746 is for accessing uninitialized memory issues
CVE-2014-9747 is for the fix for CWE-372 ("Incomplete Internal State Distinction") issue in the sense that the possibility of immediates-only mode isn't checked (in t42parse.c)


Note You need to log in before you can comment on or make changes to this bug.