Bug 1262373 – CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1262373 - (CVE-2014-9746, CVE-2014-9747) CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory

Summary:	CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory

Status:	CLOSED WONTFIX

Aliases:	CVE-2014-9746, CVE-2014-9747

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20140122,reported=2...
Keywords:	Security

Depends On:	1262384 1262385 1262386
Blocks:	1262375
	Show dependency tree / graph

Reported:	2015-09-11 09:50 EDT by Adam Mariš
Modified:	2015-10-21 10:57 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-09-14 01:56:10 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2015-09-11 09:50:17 EDT

Three use-of-uninitialized conditions were found in psobjs.c in ps_parser_load_field, in t42parse.c in 42_parse_font_matrix and in t1load.c in tt1_parse_font_matrix.

Upstream bug:

https://savannah.nongnu.org/bugs/?41309

Upstream patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1

CVE request:

http://seclists.org/oss-sec/2015/q3/537

Comment 1 Adam Mariš 2015-09-11 09:59:04 EDT

Created freetype tracking bugs for this issue:

Affects: fedora-all [bug 1262384]

Comment 2 Adam Mariš 2015-09-11 09:59:07 EDT

Created mingw-freetype tracking bugs for this issue:

Affects: fedora-all [bug 1262385]
Affects: epel-7 [bug 1262386]

Comment 3 Marek Kašík 2015-09-11 10:51:50 EDT

It seems to me that this is already fixed in all maintained versions of Fedora. Check it please.

Comment 4 Huzaifa S. Sidhpurwala 2015-09-14 01:49:47 EDT

Upstream freetype git suggests that this issue was addressed in freetype-2.5.3.

Therefore this issue is already fixed in all the maintained versions of Fedora.

Comment 6 Adam Mariš 2015-09-29 05:18:52 EDT

CVE-2014-9746 is for accessing uninitialized memory issues
CVE-2014-9747 is for the fix for CWE-372 ("Incomplete Internal State Distinction") issue in the sense that the possibility of immediates-only mode isn't checked (in t42parse.c)

Note You need to log in before you can comment on or make changes to this bug.