Exploitable NULL pointer dereference and out-of-bound access vulnerabilities were found in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause out-of-bound access resulting into remote code execution and NULL pointer dereference resulting into crash. An attacker can provide a malicious font to trigger this vulnerability. External References: http://www.talosintel.com/reports/TALOS-2016-0060/ http://www.talosintel.com/reports/TALOS-2016-0057/
Created graphite2 tracking bugs for this issue: Affects: fedora-all [bug 1305811]
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:0197 https://rhn.redhat.com/errata/RHSA-2016-0197.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0594 https://rhn.redhat.com/errata/RHSA-2016-0594.html