freetype: CVE-2014-2240, CVE-2014-2241: stack OOB read/write, DoS

Related Vulnerabilities: CVE-2014-2240, CVE-2014-2241

Debian Bug report logs - #741299
Reported by: Raphael Geissert <geissert@debian.org>

Date: Mon, 10 Mar 2014 22:21:01 UTC

Severity: grave

Tags: patch, security

Found in version freetype/2.5.1-1

Fixed in version freetype/2.5.2-1.1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#741299; Package src:freetype. (Mon, 10 Mar 2014 22:21:06 GMT)


Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>. (Mon, 10 Mar 2014 22:21:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: freetype: CVE-2014-2240, CVE-2014-2241: stack OOB read/write, DoS
Date: Mon, 10 Mar 2014 23:19:14 +0100
Source: freetype
Version: 2.5.1-1
Severity: grave
Tags: patch

Hi,

Two vulnerabilities have been identified in freetype in the recently 
contributed CFF rasterizer code. Please refer to the references for the 
details.

From what I understood from the bug report, CVE-2014-2240 is the stack OOB 
read/write, while CVE-2014-2241 is the DoS caused by the assert.

References:
http://openwall.com/lists/oss-security/2014/03/10/2
http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
https://savannah.nongnu.org/bugs/?41697
https://bugzilla.redhat.com/show_bug.cgi?id=1074646

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 11 Mar 2014 10:00:08 GMT)


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Fri, 08 Aug 2014 17:21:05 GMT)


Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Fri, 08 Aug 2014 17:21:05 GMT)


Message #12 received at 741299-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 741299-close@bugs.debian.org
Subject: Bug#741299: fixed in freetype 2.5.2-1.1
Date: Fri, 08 Aug 2014 17:18:42 +0000
Source: freetype
Source-Version: 2.5.2-1.1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 741299@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 28 Jul 2014 02:56:08 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.5.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 741299
Changes:
 freetype (2.5.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix two security issues in the CFF rasterizer (closes: #741299)
     - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
     - CVE-2014-2241: denial-of-service in cf2ft.c.
Package-Type: udeb

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#741299; Package src:freetype. (Sat, 09 Aug 2014 09:18:04 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Sat, 09 Aug 2014 09:18:04 GMT)


Message #17 received at 741299@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 741299@bugs.debian.org
Subject: re: freetype: CVE-2014-2240, CVE-2014-2241: stack OOB read/write, DoS
Date: Sat, 9 Aug 2014 05:14:35 -0400
control: tag -1 patch

Hi, I've uploaded an nmu fixing this issue.  Please see attached patch.

Best wishes,
Mike
[freetype.patch (text/x-patch, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 07 Sep 2014 07:35:45 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:03:12 2019; Machine Name: buxtehude
