CVE-2018-6942
Vulnerability from cvelistv5
Published
2018-02-13 05:00
Modified
2024-08-05 06:17
Summary
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
References
- https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef (Patch, Third Party Advisory)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736 (Third Party Advisory)
- USN-3572-1: https://usn.ubuntu.com/3572-1/ (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html
- openSUSE-SU-2020:0704: http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html
NVD metrics
- CVSS 3.0: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
- CVSS 2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P)
- Weakness: CWE-476
- Affected configurations: cpe:2.3:a:freetype:freetype up to and including 2.9; cpe:2.3:o:canonical:ubuntu_linux:17.10
opensuse-su-2020:0704-1
Vulnerability from csaf_opensuse
Published
2020-05-23 18:14
Modified
2020-05-23 18:14
Summary
Security update for freetype2
Notes
Title of the patch
Security update for freetype2
Description of the patch
This update for freetype2 to version 2.10.1 fixes the following issues:
Security issue fixed:
- CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603).
Non-security issues fixed:
- Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since
the data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced
in version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and
its related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and
height of OpenType fonts has been slightly adjusted for
consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased. The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set
the glyph for the undefined character at glyph index 0 (as
FreeType already does for all other supported font formats). As
a consequence, the order of glyphs of a PCF font if accessed
with FreeType can be different now compared to previous
versions.
This change doesn't affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure
now holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed
fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
been removed. These two functions were public by oversight only
and were never documented.
* A new function `FT_Error_String' returns descriptions of error
codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
defined.
* `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
functions limited to Adobe MultiMaster fonts to directly set and
get the weight vector.
- Enable subpixel rendering with infinality config:
- Re-enable freetype-config, there are just too many fallouts.
- Update to version 2.9.1
* Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
* CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
* Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
* Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
* The auto-hinter script ranges have been updated for Unicode 11.
No support for new scripts has been added, however, with the
exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
by default.
- Update to version 2.10.1
* The `ftmulti' demo program now supports multiple hidden axes with
the same name tag.
* `ftview', `ftstring', and `ftgrid' got a `-k' command line option
to emulate a sequence of keystrokes at start-up.
* `ftview', `ftstring', and `ftgrid' now support screen dumping to a
PNG file.
* The bytecode debugger, `ttdebug', now supports variation TrueType
fonts; a variation font instance can be selected with the new `-d'
command line option.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* The `ftdump' demo program has new options `-c' and `-C' to
display charmaps in compact and detailed format, respectively.
Option `-V' has been removed.
* The `ftview', `ftstring', and `ftgrid' demo programs use a new
command line option `-d' to specify the program window's width,
height, and color depth.
* The `ftview' demo program now displays red boxes for zero-width
glyphs.
* `ftglyph' has limited support to display fonts with
color-layered glyphs. This will be improved later on.
* `ftgrid' can now display bitmap fonts also.
* The `ttdebug' demo program has a new option `-f' to select a
member of a TrueType collection (TTC).
* Other various improvements to the demo programs.
- Remove 'Supplements: fonts-config' to avoid accidentally pulling
in Qt dependencies on some non-Qt based desktops (bsc#1091109).
fonts-config is fundamental, but ft2demos is seldom installed by end users.
Only fonts-config maintainers/debuggers may use ft2demos along with it to
debug some issues.
- Update to version 2.9.1
* No changelog upstream.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-704
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1.noarch", "openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1.i586", "openSUSE Leap 
15.1:libfreetype6-2.10.1-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-05-23T18:14:34Z", "details": "moderate" } ], "title": "CVE-2018-6942" } ] }
opensuse-su-2024:10770-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
freetype2-devel-2.11.0-1.2 on GA media
Notes
Title of the patch
freetype2-devel-2.11.0-1.2 on GA media
Description of the patch
These are all security issues fixed in the freetype2-devel-2.11.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10770
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "freetype2-devel-2.11.0-1.2 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the freetype2-devel-2.11.0-1.2 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10770", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10770-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2007-1351 page", "url": "https://www.suse.com/security/cve/CVE-2007-1351/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-8105 page", "url": "https://www.suse.com/security/cve/CVE-2017-8105/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6942 page", "url": "https://www.suse.com/security/cve/CVE-2018-6942/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-15999 page", "url": "https://www.suse.com/security/cve/CVE-2020-15999/" } ], "title": "freetype2-devel-2.11.0-1.2 on GA media", "tracking": { "current_release_date": 
"2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10770-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.aarch64", "product": { "name": "freetype2-devel-2.11.0-1.2.aarch64", "product_id": "freetype2-devel-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "product_id": "freetype2-devel-32bit-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "product_id": "freetype2-profile-tti35-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.aarch64", "product": { "name": "libfreetype6-2.11.0-1.2.aarch64", "product_id": "libfreetype6-2.11.0-1.2.aarch64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.aarch64", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.aarch64", "product_id": "libfreetype6-32bit-2.11.0-1.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-devel-2.11.0-1.2.ppc64le", "product_id": "freetype2-devel-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "product_id": "freetype2-devel-32bit-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": 
"freetype2-profile-tti35-2.11.0-1.2.ppc64le", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.ppc64le", "product_id": "freetype2-profile-tti35-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.ppc64le", "product": { "name": "libfreetype6-2.11.0-1.2.ppc64le", "product_id": "libfreetype6-2.11.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "product_id": "libfreetype6-32bit-2.11.0-1.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.s390x", "product": { "name": "freetype2-devel-2.11.0-1.2.s390x", "product_id": "freetype2-devel-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.s390x", "product": { "name": "freetype2-devel-32bit-2.11.0-1.2.s390x", "product_id": "freetype2-devel-32bit-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.s390x", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.s390x", "product_id": "freetype2-profile-tti35-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.s390x", "product": { "name": "libfreetype6-2.11.0-1.2.s390x", "product_id": "libfreetype6-2.11.0-1.2.s390x" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.s390x", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.s390x", "product_id": "libfreetype6-32bit-2.11.0-1.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.11.0-1.2.x86_64", "product": { "name": "freetype2-devel-2.11.0-1.2.x86_64", "product_id": "freetype2-devel-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.11.0-1.2.x86_64", "product": { "name": 
"freetype2-devel-32bit-2.11.0-1.2.x86_64", "product_id": "freetype2-devel-32bit-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "product": { "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "product_id": "freetype2-profile-tti35-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.11.0-1.2.x86_64", "product": { "name": "libfreetype6-2.11.0-1.2.x86_64", "product_id": "libfreetype6-2.11.0-1.2.x86_64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.11.0-1.2.x86_64", "product": { "name": "libfreetype6-32bit-2.11.0-1.2.x86_64", "product_id": "libfreetype6-32bit-2.11.0-1.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-devel-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-devel-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x" }, 
"product_reference": "freetype2-devel-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-devel-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-devel-32bit-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", 
"product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-profile-tti35-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64" }, "product_reference": "freetype2-profile-tti35-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64" }, "product_reference": "libfreetype6-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le" }, "product_reference": "libfreetype6-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"libfreetype6-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x" }, "product_reference": "libfreetype6-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64" }, "product_reference": "libfreetype6-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.11.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" }, "product_reference": "libfreetype6-32bit-2.11.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-1351", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2007-1351" } ], "notes": [ { "category": "general", "text": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2007-1351", "url": "https://www.suse.com/security/cve/CVE-2007-1351" }, { "category": "external", "summary": "SUSE Bug 247732 for CVE-2007-1351", "url": "https://bugzilla.suse.com/247732" }, { "category": "external", "summary": "SUSE Bug 258335 for CVE-2007-1351", "url": 
"https://bugzilla.suse.com/258335" }, { "category": "external", "summary": "SUSE Bug 261141 for CVE-2007-1351", "url": "https://bugzilla.suse.com/261141" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2007-1351" }, { "cve": "CVE-2017-8105", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-8105" } ], "notes": [ { "category": "general", "text": "FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the 
t1_decoder_parse_charstrings function in psaux/t1decode.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-8105", "url": "https://www.suse.com/security/cve/CVE-2017-8105" }, { "category": "external", "summary": "SUSE Bug 1034186 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1034186" }, { "category": "external", "summary": "SUSE Bug 1035807 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1035807" }, { "category": "external", "summary": "SUSE Bug 1036457 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1036457" }, { "category": "external", "summary": "SUSE Bug 1079459 for CVE-2017-8105", "url": "https://bugzilla.suse.com/1079459" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2017-8105" }, { "cve": "CVE-2018-6942", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "notes": [ { "category": "general", "text": "An issue was discovered in FreeType 2 through 2.9. 
A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6942", "url": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE 
Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-6942" }, { "cve": "CVE-2020-15999", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-15999" } ], "notes": [ { "category": "general", "text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-15999", "url": "https://www.suse.com/security/cve/CVE-2020-15999" }, { "category": "external", "summary": "SUSE Bug 1177914 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1177914" }, { "category": "external", "summary": "SUSE Bug 1177936 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1177936" }, { "category": "external", "summary": "SUSE Bug 1178824 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1178824" }, { "category": "external", "summary": "SUSE Bug 1178894 for CVE-2020-15999", "url": "https://bugzilla.suse.com/1178894" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.s390x", "openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-2.11.0-1.2.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2020-15999" } ] }
suse-su-2020:1353-1
Vulnerability from csaf_suse
Published
2020-05-20 11:02
Modified
2020-05-20 11:02
Summary
Security update for freetype2
Notes
Title of the patch
Security update for freetype2
Description of the patch
This update for freetype2 to version 2.10.1 fixes the following issues:
Security issue fixed:
- CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603).
Non-security issues fixed:
- Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since
the data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced
in version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and
its related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and
height of OpenType fonts has been slightly adjusted for
consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased. The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set
the glyph for the undefined character at glyph index 0 (as
FreeType already does for all other supported font formats). As
a consequence, the order of glyphs of a PCF font if accessed
with FreeType can be different now compared to previous
versions.
This change doesn't affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure
now holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed
fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
been removed. These two functions were public by oversight only
and were never documented.
* A new function `FT_Error_String' returns descriptions of error
codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
defined.
* `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
functions limited to Adobe MultiMaster fonts to directly set and
get the weight vector.
- Enable subpixel rendering with infinality config:
- Re-enable freetype-config, there are just too many fallouts.
- Update to version 2.9.1
* Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
* CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
* Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
* Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
* The auto-hinter script ranges have been updated for Unicode 11.
No support for new scripts has been added, however, with the
exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
by default.
- Update to version 2.10.1
* The `ftmulti' demo program now supports multiple hidden axes with
the same name tag.
* `ftview', `ftstring', and `ftgrid' got a `-k' command line option
to emulate a sequence of keystrokes at start-up.
* `ftview', `ftstring', and `ftgrid' now support screen dumping to a
PNG file.
* The bytecode debugger, `ttdebug', now supports variation TrueType
fonts; a variation font instance can be selected with the new `-d'
command line option.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* The `ftdump' demo program has new options `-c' and `-C' to
display charmaps in compact and detailed format, respectively.
Option `-V' has been removed.
* The `ftview', `ftstring', and `ftgrid' demo programs use a new
command line option `-d' to specify the program window's width,
height, and color depth.
* The `ftview' demo program now displays red boxes for zero-width
glyphs.
* `ftglyph' has limited support to display fonts with
color-layered glyphs. This will be improved later on.
* `ftgrid' can now display bitmap fonts also.
* The `ttdebug' demo program has a new option `-f' to select a
member of a TrueType collection (TTC).
* Other various improvements to the demo programs.
- Remove 'Supplements: fonts-config' to avoid accidentally pulling
in Qt dependencies on some non-Qt based desktops (bsc#1091109).
fonts-config is fundamental, but ft2demos is seldom installed by end users.
Only fonts-config maintainers/debuggers may use ft2demos along to
debug some issues.
- Update to version 2.9.1
* No changelog upstream.
Patchnames
SUSE-2020-1353,SUSE-SLE-Module-Basesystem-15-SP1-2020-1353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for freetype2", "title": "Title of the patch" }, { "category": "description", "text": "This update for freetype2 to version 2.10.1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).\n\nNon-security issues fixed:\n\n- Update to version 2.10.1\n * The bytecode hinting of OpenType variation fonts was flawed, since\n the data in the `CVAR\u0027 table wasn\u0027t correctly applied.\n * Auto-hinter support for Mongolian.\n * The handling of the default character in PCF fonts as introduced\n in version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n * If `FT_Set_Named_Instance\u0027 was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n * Increased precision while computing OpenType font variation\n instances.\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. 
This can cause very subtle rendering\n changes, which aren\u0027t noticeable by the eye, however.\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style\u0027 (i.e., a certain combination of a script and\n its related typographic features) but the font doesn\u0027t contain any\n characters needed to set up at least one blue zone.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n * The logic for computing the global ascender, descender, and\n height of OpenType fonts has been slightly adjusted for\n consistency.\n * `TT_Set_MM_Blend\u0027 could fail if called repeatedly with the same\n arguments.\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n * New function `FT_Library_SetLcdGeometry\u0027 to set up the geometry\n of LCD subpixels.\n * FreeType now uses the `defaultChar\u0027 property of PCF fonts to set\n the glyph for the undefined character at glyph index 0 (as\n FreeType already does for all other supported font formats). 
As\n a consequence, the order of glyphs of a PCF font if accessed\n with FreeType can be different now compared to previous\n versions.\n This change doesn\u0027t affect PCF font access with cmaps.\n * `FT_Select_Charmap\u0027 has been changed to allow parameter value\n `FT_ENCODING_NONE\u0027, which is valid for BDF, PCF, and Windows FNT\n formats to access built-in cmaps that don\u0027t have a predefined\n `FT_Encoding\u0027 value.\n * A previously reserved field in the `FT_GlyphSlotRec\u0027 structure\n now holds the glyph index.\n * The usual round of fuzzer bug fixes to better reject malformed\n fonts.\n * `FT_Outline_New_Internal\u0027 and `FT_Outline_Done_Internal\u0027 have\n been removed.These two functions were public by oversight only\n and were never documented.\n * A new function `FT_Error_String\u0027 returns descriptions of error\n codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is\n defined.\n * `FT_Set_MM_WeightVector\u0027 and `FT_Get_MM_WeightVector\u0027 are new\n functions limited to Adobe MultiMaster fonts to directly set and\n get the weight vector.\n\n- Enable subpixel rendering with infinality config:\n\n- Re-enable freetype-config, there is just too many fallouts. 
\n\n- Update to version 2.9.1\n * Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n * CVE-2018-6942: Older FreeType versions can crash with certain\n malformed variation fonts.\n * Bug fix: Multiple calls to `FT_Get_MM_Var\u0027 returned garbage.\n * Emboldening of bitmaps didn\u0027t work correctly sometimes, showing\n various artifacts (bug introduced in version 2.8.1).\n * The auto-hinter script ranges have been updated for Unicode 11.\n No support for new scripts have been added, however, with the\n exception of Georgian Mtavruli.\n- freetype-config is now deprecated by upstream and not enabled\n by default.\n\n- Update to version 2.10.1\n * The `ftmulti\u0027 demo program now supports multiple hidden axes with\n the same name tag.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 got a `-k\u0027 command line option\n to emulate a sequence of keystrokes at start-up.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 now support screen dumping to a\n PNG file.\n * The bytecode debugger, `ttdebug\u0027, now supports variation TrueType\n fonts; a variation font instance can be selected with the new `-d\u0027\n command line option.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * The `ftdump\u0027 demo program has new options `-c\u0027 and `-C\u0027 to\n display charmaps in compact and detailed format, respectively.\n Option `-V\u0027 has been removed.\n * The `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 demo programs use a new\n command line option `-d\u0027 to specify the program window\u0027s width,\n height, and color depth.\n * The `ftview\u0027 demo program now displays red boxes for zero-width\n glyphs.\n * `ftglyph\u0027 has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n * `ftgrid\u0027 can now display bitmap fonts also.\n * The `ttdebug\u0027 demo program has a new option `-f\u0027 to select a\n member of a 
TrueType collection (TTC).\n * Other various improvements to the demo programs.\n\n- Remove \u0027Supplements: fonts-config\u0027 to avoid accidentally pulling\n in Qt dependencies on some non-Qt based desktops.(bsc#1091109)\n fonts-config is fundamental but ft2demos seldom installs by end users.\n only fonts-config maintainers/debuggers may use ft2demos along to\n debug some issues. \n\n- Update to version 2.9.1\n * No changelog upstream.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2020-1353,SUSE-SLE-Module-Basesystem-15-SP1-2020-1353", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1353-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2020:1353-1", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201353-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2020:1353-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006839.html" }, { "category": "self", "summary": "SUSE Bug 1079603", "url": "https://bugzilla.suse.com/1079603" }, { "category": "self", "summary": "SUSE Bug 1091109", "url": "https://bugzilla.suse.com/1091109" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6942 page", "url": "https://www.suse.com/security/cve/CVE-2018-6942/" } ], "title": "Security update for freetype2", "tracking": { "current_release_date": "2020-05-20T11:02:36Z", "generator": { 
"date": "2020-05-20T11:02:36Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2020:1353-1", "initial_release_date": "2020-05-20T11:02:36Z", "revision_history": [ { "date": "2020-05-20T11:02:36Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.aarch64", "product": { "name": "freetype2-devel-2.10.1-4.3.1.aarch64", "product_id": "freetype2-devel-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.aarch64", "product": { "name": "ft2demos-2.10.1-4.3.1.aarch64", "product_id": "ft2demos-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.aarch64", "product": { "name": "ftbench-2.10.1-4.3.1.aarch64", "product_id": "ftbench-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.aarch64", "product": { "name": "ftdiff-2.10.1-4.3.1.aarch64", "product_id": "ftdiff-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.aarch64", "product": { "name": "ftdump-2.10.1-4.3.1.aarch64", "product_id": "ftdump-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.aarch64", "product": { "name": "ftgamma-2.10.1-4.3.1.aarch64", "product_id": "ftgamma-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.aarch64", "product": { "name": "ftgrid-2.10.1-4.3.1.aarch64", "product_id": "ftgrid-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.aarch64", "product": { "name": "ftinspect-2.10.1-4.3.1.aarch64", "product_id": "ftinspect-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.aarch64", "product": { "name": "ftlint-2.10.1-4.3.1.aarch64", "product_id": "ftlint-2.10.1-4.3.1.aarch64" } 
}, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.aarch64", "product": { "name": "ftmulti-2.10.1-4.3.1.aarch64", "product_id": "ftmulti-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.aarch64", "product": { "name": "ftstring-2.10.1-4.3.1.aarch64", "product_id": "ftstring-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.aarch64", "product": { "name": "ftvalid-2.10.1-4.3.1.aarch64", "product_id": "ftvalid-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.aarch64", "product": { "name": "ftview-2.10.1-4.3.1.aarch64", "product_id": "ftview-2.10.1-4.3.1.aarch64" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.aarch64", "product": { "name": "libfreetype6-2.10.1-4.3.1.aarch64", "product_id": "libfreetype6-2.10.1-4.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32", "product": { "name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32", "product_id": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32", "product": { "name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32", "product_id": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.i586", "product": { "name": "freetype2-devel-2.10.1-4.3.1.i586", "product_id": "freetype2-devel-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.i586", "product": { "name": "ft2demos-2.10.1-4.3.1.i586", "product_id": "ft2demos-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.i586", "product": { "name": "ftbench-2.10.1-4.3.1.i586", "product_id": 
"ftbench-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.i586", "product": { "name": "ftdiff-2.10.1-4.3.1.i586", "product_id": "ftdiff-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.i586", "product": { "name": "ftdump-2.10.1-4.3.1.i586", "product_id": "ftdump-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.i586", "product": { "name": "ftgamma-2.10.1-4.3.1.i586", "product_id": "ftgamma-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.i586", "product": { "name": "ftgrid-2.10.1-4.3.1.i586", "product_id": "ftgrid-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.i586", "product": { "name": "ftinspect-2.10.1-4.3.1.i586", "product_id": "ftinspect-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.i586", "product": { "name": "ftlint-2.10.1-4.3.1.i586", "product_id": "ftlint-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.i586", "product": { "name": "ftmulti-2.10.1-4.3.1.i586", "product_id": "ftmulti-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.i586", "product": { "name": "ftstring-2.10.1-4.3.1.i586", "product_id": "ftstring-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.i586", "product": { "name": "ftvalid-2.10.1-4.3.1.i586", "product_id": "ftvalid-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.i586", "product": { "name": "ftview-2.10.1-4.3.1.i586", "product_id": "ftview-2.10.1-4.3.1.i586" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.i586", "product": { "name": "libfreetype6-2.10.1-4.3.1.i586", "product_id": "libfreetype6-2.10.1-4.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": 
"freetype2-profile-tti35-2.10.1-4.3.1.noarch", "product": { "name": "freetype2-profile-tti35-2.10.1-4.3.1.noarch", "product_id": "freetype2-profile-tti35-2.10.1-4.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.ppc64le", "product": { "name": "freetype2-devel-2.10.1-4.3.1.ppc64le", "product_id": "freetype2-devel-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.ppc64le", "product": { "name": "ft2demos-2.10.1-4.3.1.ppc64le", "product_id": "ft2demos-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.ppc64le", "product": { "name": "ftbench-2.10.1-4.3.1.ppc64le", "product_id": "ftbench-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.ppc64le", "product": { "name": "ftdiff-2.10.1-4.3.1.ppc64le", "product_id": "ftdiff-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.ppc64le", "product": { "name": "ftdump-2.10.1-4.3.1.ppc64le", "product_id": "ftdump-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.ppc64le", "product": { "name": "ftgamma-2.10.1-4.3.1.ppc64le", "product_id": "ftgamma-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.ppc64le", "product": { "name": "ftgrid-2.10.1-4.3.1.ppc64le", "product_id": "ftgrid-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.ppc64le", "product": { "name": "ftinspect-2.10.1-4.3.1.ppc64le", "product_id": "ftinspect-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.ppc64le", "product": { "name": "ftlint-2.10.1-4.3.1.ppc64le", "product_id": "ftlint-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.ppc64le", "product": { "name": "ftmulti-2.10.1-4.3.1.ppc64le", "product_id": 
"ftmulti-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.ppc64le", "product": { "name": "ftstring-2.10.1-4.3.1.ppc64le", "product_id": "ftstring-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.ppc64le", "product": { "name": "ftvalid-2.10.1-4.3.1.ppc64le", "product_id": "ftvalid-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.ppc64le", "product": { "name": "ftview-2.10.1-4.3.1.ppc64le", "product_id": "ftview-2.10.1-4.3.1.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.ppc64le", "product": { "name": "libfreetype6-2.10.1-4.3.1.ppc64le", "product_id": "libfreetype6-2.10.1-4.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.s390x", "product": { "name": "freetype2-devel-2.10.1-4.3.1.s390x", "product_id": "freetype2-devel-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.s390x", "product": { "name": "ft2demos-2.10.1-4.3.1.s390x", "product_id": "ft2demos-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.s390x", "product": { "name": "ftbench-2.10.1-4.3.1.s390x", "product_id": "ftbench-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.s390x", "product": { "name": "ftdiff-2.10.1-4.3.1.s390x", "product_id": "ftdiff-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.s390x", "product": { "name": "ftdump-2.10.1-4.3.1.s390x", "product_id": "ftdump-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.s390x", "product": { "name": "ftgamma-2.10.1-4.3.1.s390x", "product_id": "ftgamma-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.s390x", "product": { "name": "ftgrid-2.10.1-4.3.1.s390x", "product_id": 
"ftgrid-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.s390x", "product": { "name": "ftinspect-2.10.1-4.3.1.s390x", "product_id": "ftinspect-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.s390x", "product": { "name": "ftlint-2.10.1-4.3.1.s390x", "product_id": "ftlint-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.s390x", "product": { "name": "ftmulti-2.10.1-4.3.1.s390x", "product_id": "ftmulti-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.s390x", "product": { "name": "ftstring-2.10.1-4.3.1.s390x", "product_id": "ftstring-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.s390x", "product": { "name": "ftvalid-2.10.1-4.3.1.s390x", "product_id": "ftvalid-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.s390x", "product": { "name": "ftview-2.10.1-4.3.1.s390x", "product_id": "ftview-2.10.1-4.3.1.s390x" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.s390x", "product": { "name": "libfreetype6-2.10.1-4.3.1.s390x", "product_id": "libfreetype6-2.10.1-4.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.10.1-4.3.1.x86_64", "product": { "name": "freetype2-devel-2.10.1-4.3.1.x86_64", "product_id": "freetype2-devel-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64", "product": { "name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64", "product_id": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ft2demos-2.10.1-4.3.1.x86_64", "product": { "name": "ft2demos-2.10.1-4.3.1.x86_64", "product_id": "ft2demos-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftbench-2.10.1-4.3.1.x86_64", "product": { "name": 
"ftbench-2.10.1-4.3.1.x86_64", "product_id": "ftbench-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdiff-2.10.1-4.3.1.x86_64", "product": { "name": "ftdiff-2.10.1-4.3.1.x86_64", "product_id": "ftdiff-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftdump-2.10.1-4.3.1.x86_64", "product": { "name": "ftdump-2.10.1-4.3.1.x86_64", "product_id": "ftdump-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgamma-2.10.1-4.3.1.x86_64", "product": { "name": "ftgamma-2.10.1-4.3.1.x86_64", "product_id": "ftgamma-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftgrid-2.10.1-4.3.1.x86_64", "product": { "name": "ftgrid-2.10.1-4.3.1.x86_64", "product_id": "ftgrid-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftinspect-2.10.1-4.3.1.x86_64", "product": { "name": "ftinspect-2.10.1-4.3.1.x86_64", "product_id": "ftinspect-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftlint-2.10.1-4.3.1.x86_64", "product": { "name": "ftlint-2.10.1-4.3.1.x86_64", "product_id": "ftlint-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftmulti-2.10.1-4.3.1.x86_64", "product": { "name": "ftmulti-2.10.1-4.3.1.x86_64", "product_id": "ftmulti-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftstring-2.10.1-4.3.1.x86_64", "product": { "name": "ftstring-2.10.1-4.3.1.x86_64", "product_id": "ftstring-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftvalid-2.10.1-4.3.1.x86_64", "product": { "name": "ftvalid-2.10.1-4.3.1.x86_64", "product_id": "ftvalid-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "ftview-2.10.1-4.3.1.x86_64", "product": { "name": "ftview-2.10.1-4.3.1.x86_64", "product_id": "ftview-2.10.1-4.3.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.10.1-4.3.1.x86_64", "product": { "name": "libfreetype6-2.10.1-4.3.1.x86_64", "product_id": "libfreetype6-2.10.1-4.3.1.x86_64" } }, { 
"category": "product_version", "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "product": { "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "product_id": "libfreetype6-32bit-2.10.1-4.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for 
Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64" }, "product_reference": "freetype2-devel-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64" }, "product_reference": "libfreetype6-2.10.1-4.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le" }, "product_reference": "libfreetype6-2.10.1-4.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x" }, "product_reference": "libfreetype6-2.10.1-4.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64" }, 
"product_reference": "libfreetype6-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" }, "product_reference": "libfreetype6-32bit-2.10.1-4.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-6942", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "notes": [ { "category": "general", "text": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6942", "url": "https://www.suse.com/security/cve/CVE-2018-6942" } ], "remediations": [ { 
"category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64" ] } ], "threats": [ { 
"category": "impact", "date": "2020-05-20T11:02:36Z", "details": "moderate" } ], "title": "CVE-2018-6942" } ] }
fkie_cve-2018-6942
Vulnerability from fkie_nvd
Published
2018-02-13 05:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freetype | freetype | * | |
canonical | ubuntu_linux | 17.10 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "C079B991-75F4-471A-8F9B-9561EBF07A3A", "versionEndIncluding": "2.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." }, { "lang": "es", "value": "Se ha descubierto un problema hasta la versi\u00f3n 2.9 de FreeType 2. Una desreferencia de puntero NULL en la funci\u00f3n Ins_GETVARIATION() en ttinterp.c podr\u00eda conducir a DoS mediante un archivo de fuentes manipulado." } ], "id": "CVE-2018-6942", "lastModified": "2024-11-21T04:11:27.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-13T05:29:00.267", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2018-6942
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
Aliases
{ "GSD": { "alias": "CVE-2018-6942", "description": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GSD-2018-6942", "references": [ "https://www.suse.com/security/cve/CVE-2018-6942.html", "https://advisories.mageia.org/CVE-2018-6942.html", "https://security.archlinux.org/CVE-2018-6942" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-6942" ], "details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GSD-2018-6942", "modified": "2023-12-13T01:22:35.469749Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "refsource": "MISC", "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3572-1/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6942" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-476" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "name": "USN-3572-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3572-1/" }, { "name": "N/A", "refsource": "N/A", "tags": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:0704", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, 
"lastModifiedDate": "2021-01-26T12:33Z", "publishedDate": "2018-02-13T05:29Z" } } }
ghsa-pjfg-6mwr-j367
Vulnerability from github
Published
2022-05-13 01:12
Modified
2022-05-13 01:12
Severity ?
Details
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
{ "affected": [], "aliases": [ "CVE-2018-6942" ], "database_specific": { "cwe_ids": [ "CWE-476" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-02-13T05:29:00Z", "severity": "MODERATE" }, "details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "id": "GHSA-pjfg-6mwr-j367", "modified": "2022-05-13T01:12:00Z", "published": "2022-05-13T01:12:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6942" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736" }, { "type": "WEB", "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3572-1" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.