869339 – (CVE-2014-1509) VUL-0: CVE-2014-1509: cairo: memory corruption during PDF rendering

Bug 869339 (CVE-2014-1509) - VUL-0: CVE-2014-1509: cairo: memory corruption during PDF rendering

Summary: VUL-0: CVE-2014-1509: cairo: memory corruption during PDF rendering

Status:	RESOLVED INVALID

Alias:	CVE-2014-1509

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Scott Reeves
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:NVD:CVE-2014-1493:9.3:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-03-20 09:26 UTC by Marcus Meissner
Modified:	2019-05-01 16:14 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
cairo.patch (920 bytes, patch) 2014-03-20 09:34 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-03-20 09:26:02 UTC

https://www.mozilla.org/security/announce/2014/mfsa2014-27.html

Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed.

Comment 1 Marcus Meissner 2014-03-20 09:34:04 UTC

Created attachment 582931 [details]
cairo.patch

the cairo patch between 24.3.0 and 24.4.0 ESR firefox

Comment 2 Marcus Meissner 2014-03-20 09:43:20 UTC

This is windows specific code, so not used in Linux.

Also the "cairo" system library does not seem to contain it, only the Firefox branch of cairo does.

So non-issue.