An exploitable out-of-bound read vulnerability was found in the opcode handling functionality of Libgraphite. A specially crafted font can cause an out-of-bounds read resulting in arbitrary code execution. An attacker can provide a malicious font to trigger this vulnerability. External References: http://www.talosintel.com/reports/TALOS-2016-0058/
Created graphite2 tracking bugs for this issue: Affects: fedora-all [bug 1305806]
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:0197 https://rhn.redhat.com/errata/RHSA-2016-0197.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0594 https://rhn.redhat.com/errata/RHSA-2016-0594.html