Bug 890088 - (CVE-2012-5669) CVE-2012-5669 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906)
Status: ASSIGNED
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity high
Assigned To: Red Hat Product Security
impact=important,public=20121215,repo...
: Reopened, Security
Depends On: 903539 903541 903542 903543 903554 903555
Blocks: 890078
Reported: 2012-12-24 23:07 EST by Huzaifa S. Sidhpurwala
Modified: 2016-01-06 09:30 EST

Doc Type: Bug Fix
Last Closed: 2013-01-03 00:20:24 EST
Description Huzaifa S. Sidhpurwala 2012-12-24 23:07:01 EST
An out-of heap-based buffer read flaw was found in the way the FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted BDF font file, which, once opened in an application linked against FreeType, would lead to that application crashing.

Upstream bug:
https://savannah.nongnu.org/bugs/?37906
Patch: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

External References:

http://seclists.org/oss-sec/2012/q4/511
Comment 12 Huzaifa S. Sidhpurwala 2013-01-24 04:36:50 EST
This issue affects the version of freetype as shipped with Fedora-17 and Fedora-18.

This issue affects the version of mingw-freetype as shipped with Fedora-17 and Fedora-18.
Comment 13 Huzaifa S. Sidhpurwala 2013-01-24 04:44:28 EST
Further analyzing this issue, there seems to be an OOB write here. This flaw also affects Red Hat Enterprise Linux 5 and 6.
Comment 14 Huzaifa S. Sidhpurwala 2013-01-24 04:47:06 EST
Created freetype tracking bugs for this issue

Affects: fedora-all [bug 903554]
Comment 15 Huzaifa S. Sidhpurwala 2013-01-24 04:47:10 EST
Created mingw-freetype tracking bugs for this issue

Affects: fedora-all [bug 903555]
Comment 17 errata-xmlrpc 2013-01-31 16:37:30 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0216 https://rhn.redhat.com/errata/RHSA-2013-0216.html
Comment 18 Fedora Update System 2013-02-04 21:57:35 EST
freetype-2.4.10-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2013-02-12 00:13:57 EST
freetype-2.4.8-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
