Bug 916867 (CVE-2014-9659)

Summary: VUL-0: CVE-2014-9659: freetype2: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Vladimir Nadvornik <nadvornik>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/113635/
Whiteboard: CVSSv2:RedHat:CVE-2014-9659:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-9659:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2014-2240:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2015-02-09 10:56:49 UTC
CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4
proceeds with additional hints after the hint mask has been computed, which
allows remote attackers to execute arbitrary code or cause a denial of service
(stack-based buffer overflow) via a crafted OpenType font.  NOTE: this
vulnerability exists because of an incomplete fix for CVE-2014-2240.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9659
http://code.google.com/p/google-security-research/issues/detail?id=190
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
Comment 1 Swamp Workflow Management 2015-02-09 23:03:04 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-02-11 08:46:13 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60646
Comment 4 Bernhard Wiedemann 2015-02-20 15:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (916867) was mentioned in
https://build.opensuse.org/request/show/286989 13.2 / freetype2
https://build.opensuse.org/request/show/286990 13.1 / freetype2
Comment 6 Swamp Workflow Management 2015-03-10 14:07:50 UTC
SUSE-SU-2015:0455-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 916847,916856,916857,916858,916859,916860,916861,916862,916863,916864,916865,916867,916868,916870,916871,916872,916873,916874,916879,916881
CVE References: CVE-2014-2240,CVE-2014-9656,CVE-2014-9657,CVE-2014-9658,CVE-2014-9659,CVE-2014-9660,CVE-2014-9661,CVE-2014-9662,CVE-2014-9663,CVE-2014-9664,CVE-2014-9665,CVE-2014-9666,CVE-2014-9667,CVE-2014-9668,CVE-2014-9669,CVE-2014-9670,CVE-2014-9671,CVE-2014-9672,CVE-2014-9673,CVE-2014-9674,CVE-2014-9675
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    freetype2-2.5.3-5.1
SUSE Linux Enterprise Server 12 (src):    freetype2-2.5.3-5.1
SUSE Linux Enterprise Desktop 12 (src):    freetype2-2.5.3-5.1
Comment 7 Bernhard Wiedemann 2015-03-20 16:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (916867) was mentioned in
https://build.opensuse.org/request/show/292048 13.2 / freetype2
https://build.opensuse.org/request/show/292049 13.1 / freetype2
Comment 8 Marcus Meissner 2015-03-30 14:42:03 UTC
erlease3d
Comment 9 Swamp Workflow Management 2015-03-30 15:07:06 UTC
openSUSE-SU-2015:0627-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 916847,916856,916857,916858,916859,916860,916861,916862,916863,916864,916865,916867,916868,916870,916871,916872,916873,916874,916879,916881
CVE References: CVE-2014-9656,CVE-2014-9657,CVE-2014-9658,CVE-2014-9659,CVE-2014-9660,CVE-2014-9661,CVE-2014-9662,CVE-2014-9663,CVE-2014-9664,CVE-2014-9665,CVE-2014-9666,CVE-2014-9667,CVE-2014-9668,CVE-2014-9669,CVE-2014-9670,CVE-2014-9671,CVE-2014-9672,CVE-2014-9673,CVE-2014-9674,CVE-2014-9675
Sources used:
openSUSE 13.2 (src):    freetype2-2.5.3-2.4.1, ft2demos-2.5.3-2.4.1
openSUSE 13.1 (src):    freetype2-2.5.0.1-2.4.1, ft2demos-2.5.0-2.4.1