Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 840224 (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) - <media-libs/freetype-2.12.0: multiple vulnerabilities
Summary: <media-libs/freetype-2.12.0: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 840227
Blocks:
  Show dependency tree
 
Reported: 2022-04-22 21:05 UTC by John Helmert III
Modified: 2024-02-03 08:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-22 21:05:08 UTC
CVE-2022-27404 (https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138):

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

CVE-2022-27405 (https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139):

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

CVE-2022-27406 (https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140):

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

All fixes in 2.12.0
Comment 1 Larry the Git Cow gentoo-dev 2022-05-01 18:20:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf92f3f25553793f14f04017295a1068df06c54c

commit bf92f3f25553793f14f04017295a1068df06c54c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2022-05-01 18:19:02 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2022-05-01 18:20:21 +0000

    media-libs/freetype: Removed old
    
    Bug: https://bugs.gentoo.org/840224
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 media-libs/freetype/Manifest               |   3 -
 media-libs/freetype/freetype-2.11.1.ebuild | 244 ---------------------------
 media-libs/freetype/freetype-2.12.0.ebuild | 258 -----------------------------
 3 files changed, 505 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-02-03 08:58:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2f6d7004e06dfb3d395547c81289abf44cb1b2ac

commit 2f6d7004e06dfb3d395547c81289abf44cb1b2ac
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-03 08:57:49 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-03 08:58:15 +0000

    [ GLSA 202402-06 ] FreeType: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/840224
    Bug: https://bugs.gentoo.org/881443
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-06.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)