Bug 1036457 (CVE-2017-8287)

Summary:	VUL-0: CVE-2017-8287: freetype2: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by aheap-based buffer overflow relat...
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Marcus Meissner <meissner>
Component:	Incidents	Assignee:	Fridrich Strba <fstrba>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	astieger, forgotten_DV81ZEWZkN, fstrba, ismail, karol, postadal, simonizor, smash_bz
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/184444/
Whiteboard:	CVSSv2:SUSE:CVE-2017-8287:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv3.1:SUSE:CVE-2017-8287:7.0:(AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) maint:released:sle10-sp3:63969
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Marcus Meissner 2017-04-27 06:30:30 UTC

CVE-2017-8287

FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a
heap-based buffer overflow related to the t1_builder_close_contour
function in psaux/psobjs.c.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287

Comment 1 Marcus Meissner 2017-04-27 06:30:55 UTC

MISC:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941

Comment 2 Andreas Stieger 2018-02-06 07:11:55 UTC

ping... community user requested this bump for Tumbleweed in bug 1079459

Comment 3 Andreas Stieger 2018-02-06 07:30:57 UTC

Already submitted without tracking:
https://build.opensuse.org/request/show/563247

Stuck in TW staging. Ismail could you look at the failures?

Comment 8 Swamp Workflow Management 2018-02-09 20:13:29 UTC

SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP3 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE CaaS Platform ALL (src):    freetype2-2.6.3-7.15.1

Comment 9 Swamp Workflow Management 2018-02-12 11:09:10 UTC

openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
openSUSE Leap 42.3 (src):    freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1

Comment 10 Swamp Workflow Management 2018-02-16 14:07:59 UTC

SUSE-SU-2018:0462-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028103,1035807,1036457
CVE References: CVE-2016-10244,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    freetype2-2.3.7-25.45.5.1
SUSE Linux Enterprise Server 11-SP4 (src):    freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1

Comment 13 Petr Ostadal 2022-04-07 08:48:23 UTC

fixed