First Last Prev Next    This bug is not in your last search results.
Bug 1116297 - (CVE-2015-9274) VUL-1: CVE-2015-9274: harfbuzz: remote denial of service because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh
(CVE-2015-9274)
VUL-1: CVE-2015-9274: harfbuzz: remote denial of service because of GPOS and ...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/219302/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-11-16 07:48 UTC by Robert Frohl
Modified: 2018-11-21 09:09 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2018-11-16 07:48:31 UTC 
CVE-2015-9274

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service
(invalid read of two bytes and application crash) because of GPOS and GSUB table
mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh,
and hb-ot-layout-gsubgpos-private.hh.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9274
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9274.html
https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
Comment 1 Robert Frohl 2018-11-21 09:09:09 UTC 
We are not planning to release an LTSS update for this. 

All newer versions are fixed and include an version not affected:
- SUSE:SLE-12-SP2:Update 
- SUSE:SLE-15:Update
First Last Prev Next    This bug is not in your last search results.