libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text

Related Vulnerabilities: CVE-2022-27470  

Debian Bug report logs - #1010671


Reported by: Neil Williams <codehelp@debian.org>

Date: Fri, 6 May 2022 14:27:01 UTC

Severity: important

Tags: security, upstream

Found in version libsdl2-ttf/2.0.18+dfsg-2

Fixed in version libsdl2-ttf/2.0.18+dfsg-3

Done: Simon McVittie <smcv@debian.org>

Forwarded to https://github.com/libsdl-org/SDL_ttf/issues/187



Report forwarded to debian-bugs-dist@lists.debian.org, codehelp@debian.org, team@security.debian.org, Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>:
Bug#1010671; Package libsdl2-ttf-dev. (Fri, 06 May 2022 14:27:03 GMT)


Acknowledgement sent to Neil Williams <codehelp@debian.org>:
New Bug report received and forwarded. Copy sent to codehelp@debian.org, team@security.debian.org, Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>. (Fri, 06 May 2022 14:27:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Neil Williams <codehelp@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text
Date: Fri, 06 May 2022 15:25:00 +0100
Package: libsdl2-ttf-dev
Version: 2.0.18+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: codehelp@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libsdl2-ttf.

CVE-2022-27470[0]:
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
| memory write via the function TTF_RenderText_Solid(). This
| vulnerability is triggered via a crafted TTF file.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27470

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libsdl2-ttf-dev depends on:
ii  libc6-dev          2.34-0experimental2
ii  libsdl2-dev        2.0.22+dfsg-3
ii  libsdl2-ttf-2.0-0  2.0.18+dfsg-2

libsdl2-ttf-dev recommends no packages.

libsdl2-ttf-dev suggests no packages.

-- no debconf information



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:09:03 GMT)


Set Bug forwarded-to-address to 'https://github.com/libsdl-org/SDL_ttf/issues/187'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:09:03 GMT)


Bug reassigned from package 'libsdl2-ttf-dev' to 'libsdl2-ttf'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:05 GMT)


No longer marked as found in versions libsdl2-ttf/2.0.18+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:06 GMT)


Marked as found in versions 2.0.18+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:06 GMT)


Bug reassigned from package 'libsdl2-ttf' to 'src:libsdl2-ttf'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:08 GMT)


No longer marked as found in versions 2.0.18+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:08 GMT)


Marked as found in versions libsdl2-ttf/2.0.18+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 May 2022 19:12:09 GMT)


Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Sat, 07 May 2022 11:39:03 GMT)


Notification sent to Neil Williams <codehelp@debian.org>:
Bug acknowledged by developer. (Sat, 07 May 2022 11:39:03 GMT)


Message #26 received at 1010671-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1010671-close@bugs.debian.org
Subject: Bug#1010671: fixed in libsdl2-ttf 2.0.18+dfsg-3
Date: Sat, 07 May 2022 11:34:18 +0000
Source: libsdl2-ttf
Source-Version: 2.0.18+dfsg-3
Done: Simon McVittie <smcv@debian.org>

We believe that the bug you reported is fixed in the latest version of
libsdl2-ttf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010671@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated libsdl2-ttf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 07 May 2022 11:34:44 +0100
Source: libsdl2-ttf
Architecture: source
Version: 2.0.18+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 1010671
Changes:
 libsdl2-ttf (2.0.18+dfsg-3) unstable; urgency=medium
 .
   * Team upload
   * Add patches from upstream to fix overflows
     - Integer overflow with crafted/malicious TTF files
       (Closes: #1010671, CVE-2022-27470)
     - Buffer overflow if memory allocation fails





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat May 7 13:11:43 2022; Machine Name: bembo
