A stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text rendering, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, a crafted IRC message to be viewed in HexChat or a crafted email to be viewed in Evolution.
Upstream fix (already public): https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
The bug has been referenced in the following commit(s):
Author: Mart Raudsepp <email@example.com>
AuthorDate: 2019-12-25 20:46:50 +0000
Commit: Mart Raudsepp <firstname.lastname@example.org>
CommitDate: 2019-12-25 20:50:28 +0000
dev-libs/fribidi: security bump to 1.0.8
Package-Manager: Portage-2.3.79, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <email@example.com>
dev-libs/fribidi/Manifest | 1 +
dev-libs/fribidi/fribidi-1.0.8.ebuild | 37 +++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202003-41 at https://security.gentoo.org/glsa/202003-41
by GLSA coordinator Thomas Deutschmann (whissi).