699338 – (CVE-2019-18397) <dev-libs/fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c (CVE-2019-18397)

Bug 699338 (CVE-2019-18397) - <dev-libs/fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c (CVE-2019-18397)

Summary: <dev-libs/fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embeddi...

Status:	RESOLVED FIXED

Alias:	CVE-2019-18397

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2019-11-04 21:37 UTC by Thomas Deutschmann (RETIRED)
Modified:	2020-03-19 16:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	dev-libs/fribidi-1.0.8
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2019-11-04 21:37:22 UTC

A stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text rendering, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, a crafted IRC message to be viewed in HexChat or a crafted email to be viewed in Evolution.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-11-04 21:38:33 UTC

Upstream fix (already public): https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568

Comment 2 Larry the Git Cow gentoo-dev

2019-12-25 20:50:47 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e557a14b9c35e0ea9b8a29f50d22a96b9e7fc1

commit 77e557a14b9c35e0ea9b8a29f50d22a96b9e7fc1
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-12-25 20:46:50 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-12-25 20:50:28 +0000

    dev-libs/fribidi: security bump to 1.0.8
    
    Bug: https://bugs.gentoo.org/699338
    Package-Manager: Portage-2.3.79, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/fribidi/Manifest             |  1 +
 dev-libs/fribidi/fribidi-1.0.8.ebuild | 37 +++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

Comment 3 Agostino Sarubbo gentoo-dev

2019-12-26 18:45:56 UTC

amd64 stable

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2019-12-27 17:21:25 UTC

arm64 stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2019-12-28 12:35:11 UTC

ia64 stable

Comment 6 Rolf Eike Beer archtester

2019-12-29 20:07:54 UTC

hppa/sparc stable

Comment 7 Agostino Sarubbo gentoo-dev

2019-12-30 12:29:22 UTC

x86 stable

Comment 8 Agostino Sarubbo gentoo-dev

2019-12-30 15:34:00 UTC

ppc64 stable

Comment 9 Agostino Sarubbo gentoo-dev

2019-12-30 15:53:47 UTC

ppc stable

Comment 10 Agostino Sarubbo gentoo-dev

2020-01-01 12:53:41 UTC

arm stable

Comment 11 Agostino Sarubbo gentoo-dev

2020-01-03 12:30:53 UTC

s390 stable

Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-19 16:34:43 UTC

New GLSA request filed.

Comment 13 GLSAMaker/CVETool Bot gentoo-dev

2020-03-19 16:43:01 UTC

This issue was resolved and addressed in
 GLSA 202003-41 at https://security.gentoo.org/glsa/202003-41
by GLSA coordinator Thomas Deutschmann (whissi).