Bug 1036457 - (CVE-2017-8287) VUL-0: CVE-2017-8287: freetype2: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by aheap-based buffer overflow relat...
(CVE-2017-8287)
VUL-0: CVE-2017-8287: freetype2: FreeType 2 before 2017-03-26 has an out-of-b...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Fridrich Strba
Security Team bot
https://smash.suse.de/issue/184444/
CVSSv2:SUSE:CVE-2017-8287:2.6:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-27 06:30 UTC by Marcus Meissner
Modified: 2022-08-01 10:53 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-04-27 06:30:30 UTC
CVE-2017-8287

FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a
heap-based buffer overflow related to the t1_builder_close_contour
function in psaux/psobjs.c.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
Comment 2 Andreas Stieger 2018-02-06 07:11:55 UTC
ping... community user requested this bump for Tumbleweed in bug 1079459
Comment 3 Andreas Stieger 2018-02-06 07:30:57 UTC
Already submitted without tracking:
https://build.opensuse.org/request/show/563247

Stuck in TW staging. Ismail could you look at the failures?
Comment 8 Swamp Workflow Management 2018-02-09 20:13:29 UTC
SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP3 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE CaaS Platform ALL (src):    freetype2-2.6.3-7.15.1
Comment 9 Swamp Workflow Management 2018-02-12 11:09:10 UTC
openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
openSUSE Leap 42.3 (src):    freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1
Comment 10 Swamp Workflow Management 2018-02-16 14:07:59 UTC
SUSE-SU-2018:0462-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028103,1035807,1036457
CVE References: CVE-2016-10244,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    freetype2-2.3.7-25.45.5.1
SUSE Linux Enterprise Server 11-SP4 (src):    freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
Comment 13 Petr Ostadal 2022-04-07 08:48:23 UTC
fixed