Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 546750 (CVE-2015-0469)

Summary: dev-libs/icu: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: office
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [upstream/ebuild]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-04-16 08:59:53 UTC
From ${URL} :

An off-by-one error, leading to heap-based buffer overflow in the ICU Layout Engine ligature 
substitution processor.  A check which was added as part of fix for CVE-2013-1569 (bug 952711) / 
CVE-2013-2383 (bug 952708) / CVE-2013-2384 (bug 952709) was found to contain an incorrect array 
boundary check.  A specially crafted file could cause an application using ICU to parse untrusted 
font files to crash or, possibly, execute arbitrary code.

The original fix was added to OpenJDK and ICU via the following commits:

ICU code is embedded the 2D component in OpenJDK and used by FontManager.  An untrusted Java 
application or applet could use this flaw to bypass certain Java sandbox restrictions.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2015-04-16 10:02:23 UTC
The fix was added 2 years ago, so the bug is not relevant.