Bugzilla – Bug 1036457
VUL-0: CVE-2017-8287: freetype2: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by aheap-based buffer overflow relat...
Last modified: 2022-08-01 10:53:14 UTC
CVE-2017-8287 FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
MISC:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
ping... community user requested this bump for Tumbleweed in bug 1079459
Already submitted without tracking: https://build.opensuse.org/request/show/563247 Stuck in TW staging. Ismail could you look at the failures?
SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE CaaS Platform ALL (src): freetype2-2.6.3-7.15.1
openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: openSUSE Leap 42.3 (src): freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1
SUSE-SU-2018:0462-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1028103,1035807,1036457 CVE References: CVE-2016-10244,CVE-2017-8105,CVE-2017-8287 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): freetype2-2.3.7-25.45.5.1 SUSE Linux Enterprise Server 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
fixed