Bug 890088 (CVE-2012-5669) - CVE-2012-5669 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906)
Keywords:
Status: ASSIGNED
Alias: CVE-2012-5669
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 903539 903541 903542 903543 903554 903555
Blocks: 890078
Reported: 2012-12-25 04:07 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-09-29 12:58 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-03 05:20:24 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0216 normal SHIPPED_LIVE Important: freetype security update 2013-02-01 02:36:26 UTC

Description Huzaifa S. Sidhpurwala 2012-12-25 04:07:01 UTC
An out-of-bounds heap-based buffer read flaw was found in the way the FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for the glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file which, once opened in an application linked against FreeType, would lead to that application crashing.

Upstream bug:
https://savannah.nongnu.org/bugs/?37906
Patch: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

External References:

http://seclists.org/oss-sec/2012/q4/511

Comment 12 Huzaifa S. Sidhpurwala 2013-01-24 09:36:50 UTC
This issue affects the version of freetype as shipped with Fedora-17 and Fedora-18.

This issue affects the version of mingw-freetype as shipped with Fedora-17 and Fedora-18.

Comment 13 Huzaifa S. Sidhpurwala 2013-01-24 09:44:28 UTC
Further analyzing this issue, there seems to be an OOB write here. This flaw also affects Red Hat Enterprise Linux 5 and 6.

Comment 14 Huzaifa S. Sidhpurwala 2013-01-24 09:47:06 UTC
Created freetype tracking bugs for this issue

Affects: fedora-all [bug 903554]

Comment 15 Huzaifa S. Sidhpurwala 2013-01-24 09:47:10 UTC
Created mingw-freetype tracking bugs for this issue

Affects: fedora-all [bug 903555]

Comment 17 errata-xmlrpc 2013-01-31 21:37:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0216 https://rhn.redhat.com/errata/RHSA-2013-0216.html

Comment 18 Fedora Update System 2013-02-05 02:57:35 UTC
freetype-2.4.10-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2013-02-12 05:13:57 UTC
freetype-2.4.8-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

