| Summary: | dev-libs/icu: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | office |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1210829 | ||
| Whiteboard: | A3 [upstream/ebuild] | ||
| Package list: | Runtime testing required: | --- | |
The fix was added 2 years ago, so the bug is not relevant. |
From ${URL} : An off-by-one error, leading to heap-based buffer overflow in the ICU Layout Engine ligature substitution processor. A check which was added as part of fix for CVE-2013-1569 (bug 952711) / CVE-2013-2383 (bug 952708) / CVE-2013-2384 (bug 952709) was found to contain an incorrect array boundary check. A specially crafted file could cause an application using ICU to parse untrusted font files to crash or, possibly, execute arbitrary code. The original fix was added to OpenJDK and ICU via the following commits: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7 http://bugs.icu-project.org/trac/changeset/33535 http://bugs.icu-project.org/trac/ticket/10107 ICU code is embedded the 2D component in OpenJDK and used by FontManager. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.