Bug 1191095 (CVE-2014-9672) - CVE-2014-9672 freetype: Array index error in the parse_fond function in base/ftmac.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-9672
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1191102
Reported: 2015-02-10 12:52 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 05:39 UTC

Fixed In Version: freetype 2.5.4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-23 19:43:43 UTC
Embargoed:


Description Vasyl Kaigorodov 2015-02-10 12:52:46 UTC
Common Vulnerabilities and Exposures assigned CVE-2014-9672 to the following issue:

Array index error in the parse_fond function in base/ftmac.c in FreeType before
2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read)
or obtain sensitive information from process memory via a crafted FOND resource
in a Mac font file.

http://code.google.com/p/google-security-research/issues/detail?id=155
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c

Comment 1 Tomas Hoger 2015-02-23 19:43:43 UTC
Upstream bug is:
https://savannah.nongnu.org/bugs/?43540

It remains non-public to date.

Issue was fixed upstream in 2.5.4.

Affected code is not built and used in freetype packages in Red Hat Enterprise Linux and Fedora. The code is only used on the MacOS platform.

Statement:

Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.