| Summary: | <media-gfx/graphite2-1.3.7: multiple font parsing vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | atoth, office |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1315795 | | |
| Whiteboard: | A2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2016-03-09 14:58:24 UTC
Should we use this bug for other packages that bundle graphite2 (firefox, thunderbird) as well?

(In reply to Ian Stakenvicius from comment #1)
> Should we use this bug for other packages that bundle graphite2 (firefox,
> thunderbird) as well?

I tend to prefer trackers, for graphite2 example see bug 574972

Arches please stabilize
media-gfx/graphite2-1.3.7
dev-python/fonttools-3.0
Target: all stable arches

Note: alpha and sparc haven't even keyworded this yet, see bug 575782

amd64 stable

Stable for HPPA PPC64.

ppc stable

arm stable

x86 stable

Alpha done.

(In reply to Tobias Klausmann from comment #9)
> Alpha done.

alpha still missing, probably something went wrong...

ia64, sparc: ping!

(In reply to Andreas K. Hüttel from comment #10)
> (In reply to Tobias Klausmann from comment #9)
> > Alpha done.
>
> alpha still missing, probably something went wrong...

Fixed now.

ia64, sparc: please continue in bug 585354 instead.

office out

There is a call for stabilization in bug 585354, will continue in that one since it is almost done. But still need keywording.

CVE-2016-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

CVE-2016-2800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

CVE-2016-2799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

CVE-2016-2796 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVE-2016-2794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

CVE-2016-2791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

CVE-2016-2790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

CVE-2016-1977 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

This issue was resolved and addressed in GLSA 201701-63 at https://security.gentoo.org/glsa/201701-63 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

@ Maintainer(s): Please cleanup and drop <media-gfx/graphite2-1.3.7.

Version no longer in tree.

Arches and Maintainer(s), Thank you for your work.

All done.