916859 – (CVE-2014-9661) VUL-0: CVE-2014-9661: freetype2: use-after-free in type42/t42parse.c

Bug 916859 (CVE-2014-9661) - VUL-0: CVE-2014-9661: freetype2: use-after-free in type42/t42parse.c

Summary: VUL-0: CVE-2014-9661: freetype2: use-after-free in type42/t42parse.c

Status:	RESOLVED FIXED

Alias:	CVE-2014-9661

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2015-02-25
Assignee:	Vladimir Nadvornik
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/113637/
Whiteboard:	maint:released:sle11-sp1:60893 maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-02-09 10:41 UTC by Johannes Segitz
Modified:	2019-05-22 01:01 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2015-02-09 10:41:38 UTC

CVE-2014-9661

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can
be incomplete without triggering an error, which allows remote attackers to
cause a denial of service (use-after-free) or possibly have unspecified other
impact via a crafted Type42 font.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9661
http://code.google.com/p/google-security-research/issues/detail?id=187
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669

Comment 1 Swamp Workflow Management 2015-02-09 23:01:53 UTC

bugbot adjusting priority

Comment 2 Swamp Workflow Management 2015-02-11 08:45:45 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60646

Comment 3 Bernhard Wiedemann 2015-02-20 15:00:22 UTC

This is an autogenerated message for OBS integration:
This bug (916859) was mentioned in
https://build.opensuse.org/request/show/286989 13.2 / freetype2
https://build.opensuse.org/request/show/286990 13.1 / freetype2

Comment 5 Swamp Workflow Management 2015-03-10 14:06:35 UTC

SUSE-SU-2015:0455-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 916847,916856,916857,916858,916859,916860,916861,916862,916863,916864,916865,916867,916868,916870,916871,916872,916873,916874,916879,916881
CVE References: CVE-2014-2240,CVE-2014-9656,CVE-2014-9657,CVE-2014-9658,CVE-2014-9659,CVE-2014-9660,CVE-2014-9661,CVE-2014-9662,CVE-2014-9663,CVE-2014-9664,CVE-2014-9665,CVE-2014-9666,CVE-2014-9667,CVE-2014-9668,CVE-2014-9669,CVE-2014-9670,CVE-2014-9671,CVE-2014-9672,CVE-2014-9673,CVE-2014-9674,CVE-2014-9675
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    freetype2-2.5.3-5.1
SUSE Linux Enterprise Server 12 (src):    freetype2-2.5.3-5.1
SUSE Linux Enterprise Desktop 12 (src):    freetype2-2.5.3-5.1

Comment 6 Swamp Workflow Management 2015-03-11 01:05:46 UTC

SUSE-SU-2015:0463-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 916856,916857,916858,916859,916861,916863,916864,916865,916870,916871,916872,916873,916874,916879,916881
CVE References: CVE-2014-9656,CVE-2014-9657,CVE-2014-9658,CVE-2014-9659,CVE-2014-9660,CVE-2014-9661,CVE-2014-9662,CVE-2014-9663,CVE-2014-9664,CVE-2014-9665,CVE-2014-9666,CVE-2014-9667,CVE-2014-9668,CVE-2014-9669,CVE-2014-9670,CVE-2014-9671,CVE-2014-9672,CVE-2014-9673,CVE-2014-9674,CVE-2014-9675
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    freetype2-2.3.7-25.34.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    freetype2-2.3.7-25.34.1, ft2demos-2.3.7-25.34.1
SUSE Linux Enterprise Server 11 SP3 (src):    freetype2-2.3.7-25.34.1, ft2demos-2.3.7-25.34.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    freetype2-2.3.7-25.34.1, ft2demos-2.3.7-25.34.1

Comment 8 Bernhard Wiedemann 2015-03-20 16:00:23 UTC

This is an autogenerated message for OBS integration:
This bug (916859) was mentioned in
https://build.opensuse.org/request/show/292048 13.2 / freetype2
https://build.opensuse.org/request/show/292049 13.1 / freetype2

Comment 9 Marcus Meissner 2015-03-30 14:38:46 UTC

released

Comment 10 Swamp Workflow Management 2015-03-30 15:05:52 UTC

openSUSE-SU-2015:0627-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 916847,916856,916857,916858,916859,916860,916861,916862,916863,916864,916865,916867,916868,916870,916871,916872,916873,916874,916879,916881
CVE References: CVE-2014-9656,CVE-2014-9657,CVE-2014-9658,CVE-2014-9659,CVE-2014-9660,CVE-2014-9661,CVE-2014-9662,CVE-2014-9663,CVE-2014-9664,CVE-2014-9665,CVE-2014-9666,CVE-2014-9667,CVE-2014-9668,CVE-2014-9669,CVE-2014-9670,CVE-2014-9671,CVE-2014-9672,CVE-2014-9673,CVE-2014-9674,CVE-2014-9675
Sources used:
openSUSE 13.2 (src):    freetype2-2.5.3-2.4.1, ft2demos-2.5.3-2.4.1
openSUSE 13.1 (src):    freetype2-2.5.0.1-2.4.1, ft2demos-2.5.0-2.4.1