Bugzilla – Bug 1034186
VUL-0: CVE-2017-7858: freetype2: out-of-bounds write (TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c)
Last modified: 2022-04-07 08:45:55 UTC
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Source: MITRE Last Modified: 04/14/2017
2.7.1 (TW, official repo)
2.6.3 (42.2, official repo)
2.5.5 (42.1, official repo)
Due to https://security-tracker.debian.org/tracker/CVE-2017-7858 info, this bug can already be fixed. So, please, check that.
(In reply to Mikhail Kasimov from comment #0)
> Due to https://security-tracker.debian.org/tracker/CVE-2017-7858 info, this
> bug can already be fixed. So, please, check that.
- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
SLE12 SP2 GA currently has 2.6.3 plus some small patches, so we can consider it not affected.
Codestreams in SLE are not affected, because they are too old. This was only introduced with 2.6.4 and fixed upstream in version 2.8.
This needs to be fixed in Factory (see #1079459) by bumping the version to the latest upstream version.
See Bug 1079459 for progress on this.
freetype2 upgraded to 2.11.1