Bugzilla – Bug 1028103
VUL-1: CVE-2016-10244: freetype2: The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 doesnot ensure that a fon...
Last modified: 2021-01-07 11:00:16 UTC
CVE-2016-10244 The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10244 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
2016-08-26 Werner Lemberg <wl@gnu.org> [type1] Fix heap buffer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 * src/type1/t1load.c (parse_charstrings): Reject fonts that don't contain glyph names. http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
the reproducer is not public yet, check back later
num_glyphs = n without checking for 0 is everywhere.
bugbot adjusting priority
This still needs to be fixed for SUSE:SLE-12-SP2:Update
SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE CaaS Platform ALL (src): freetype2-2.6.3-7.15.1
openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: openSUSE Leap 42.3 (src): freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-02-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63968
SUSE-SU-2018:0462-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1028103,1035807,1036457 CVE References: CVE-2016-10244,CVE-2017-8105,CVE-2017-8287 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): freetype2-2.3.7-25.45.5.1 SUSE Linux Enterprise Server 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
Resolved.