Bug 1034186 - (CVE-2017-7858) VUL-0: CVE-2017-7858: freetype2: out-of-bounds write (TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Fridrich Strba
Reported: 2017-04-14 11:37 UTC by Mikhail Kasimov
Modified: 2022-04-07 08:45 UTC
Description Mikhail Kasimov 2017-04-14 11:37:31 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7858
====================================================
Description

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

Source: MITRE. Last Modified: 04/14/2017
====================================================

Hyperlink

[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e

[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738

(open-)SUSE

https://software.opensuse.org/package/freetype2

2.7.1 (TW, official repo)
2.6.3 (42.2, official repo)
2.5.5 (42.1, official repo)

Due to https://security-tracker.debian.org/tracker/CVE-2017-7858 info, this bug can already be fixed. So, please, check that.
Comment 1 Mikhail Kasimov 2017-04-14 11:44:06 UTC
(In reply to Mikhail Kasimov from comment #0)

> Due to https://security-tracker.debian.org/tracker/CVE-2017-7858 info, this
> bug can already be fixed. So, please, check that.
=================================================================
- freetype <not-affected> (Vulnerable code introduced in 2.6.4)

Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d

Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
=================================================================
Comment 2 Marcus Meissner 2017-04-18 09:25:34 UTC
SLE12 SP2 GA currently has 2.6.3 plus some small patches,

so we can consider it not affected.
Comment 3 Karol Babioch 2018-02-06 12:26:10 UTC
Codestreams in SLE are not affected, because they are too old. This was only introduced with 2.6.4 and fixed upstream in version 2.8.

This needs to be fixed in Factory (see #1079459) by bumping the version to the latest upstream version.
Comment 4 Karol Babioch 2018-02-06 12:27:09 UTC
See Bug 1079459 for progress on this.
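The triage applied in comments 1 through 3 boils down to one version-range check: the vulnerable code was introduced in 2.6.4 and fixed upstream in 2.8, so a package is affected only when its upstream version falls in the half-open range [2.6.4, 2.8). The script below is an added example, not code from the bug thread or from the FreeType project; it encodes that range and classifies the package versions named in this report (the inventory dictionary is constructed from the versions quoted above). The `is_affected` and `parse_version` helpers are assumptions of this example, not part of any tracker tooling.

```python
# Added example (not part of the bug report): classify FreeType 2 package
# versions against the affected range stated in the thread for CVE-2017-7858:
# vulnerable code introduced in 2.6.4 (comment 1), fixed upstream in 2.8 (comment 3).
from typing import Dict, Tuple

AFFECTED_FROM = (2, 6, 4)   # first vulnerable upstream release
FIXED_IN = (2, 8, 0)        # first upstream release carrying the fix


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.7.1' into (2, 7, 1).

    The rpm release suffix ('2.7.1-3.2' -> '2.7.1') is dropped, and the tuple is
    padded to three components so that '2.8' compares equal to '2.8.0' instead of
    sorting before it (a common off-by-one when comparing version strings).
    """
    upstream = v.strip().split("-", 1)[0]
    parts = [int(p) for p in upstream.split(".")]
    if not parts or any(p < 0 for p in parts):
        raise ValueError(f"bad version string: {v!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when AFFECTED_FROM <= version < FIXED_IN (half-open range)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


# Constructed inventory mirroring the versions listed in this report.
# Caveat: a distribution package may carry a backported fix under an old
# version number, so "affected" here means "needs review of the package
# changelog", not a confirmed vulnerability.
INVENTORY: Dict[str, str] = {
    "Tumbleweed (comment 0)": "2.7.1",
    "Leap 42.2": "2.6.3",
    "Leap 42.1": "2.5.5",
    "SLE12 SP2 GA": "2.6.3",
    "Tumbleweed (comment 5)": "2.11.1",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each inventory entry to 'affected' or 'not affected'."""
    return {
        name: ("affected" if is_affected(ver) else "not affected")
        for name, ver in inventory.items()
    }


if __name__ == "__main__":
    for name, verdict in triage(INVENTORY).items():
        print(f"{name:24s} {INVENTORY[name]:8s} {verdict}")
```

Run as-is, the script flags only the 2.7.1 Tumbleweed package as affected and reports the 2.6.3, 2.5.5 and 2.11.1 packages as not affected, matching the conclusions reached in the thread.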
Comment 5 Petr Ostadal 2022-04-07 08:45:55 UTC
freetype2 upgraded to 2.11.1