A flaw was found in freetype in the way it processes PNG images embedded into fonts. A crafted TTF file can lead to heap-based buffer overflow due to integer truncation in Load_SBit_Png function. Reference: https://savannah.nongnu.org/bugs/?59308 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
Created freetype tracking bugs for this issue: Affects: fedora-all [bug 1890211]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:4351 https://access.redhat.com/errata/RHSA-2020:4351
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15999
Statement: Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6, bundle a version (2.4.11) of freetype in gtk3-private, the version is not affected by this flaw because the vulnerable code was introduced in a subsequent version of freetype. The freetype package shipped with Red Hat Enterprise Linux 5 and 6 is not affected as the vulnerable code was introduced in a subsequent version of freetype. go-freetype as shipped with Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw because it ships a pure go implementation of freetype which does not include the vulnerable code.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4907 https://access.redhat.com/errata/RHSA-2020:4907
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4949 https://access.redhat.com/errata/RHSA-2020:4949
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4950 https://access.redhat.com/errata/RHSA-2020:4950
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4952 https://access.redhat.com/errata/RHSA-2020:4952
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:4951 https://access.redhat.com/errata/RHSA-2020:4951