FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

graphite2 -- out-of-bounds write with malicious font

Affected packages
graphite2 < 1.3.9_1
linux-c7-graphite2 < 1.3.10

Details

VuXML ID cf133acc-82e7-4755-a66a-5ddf90dacbe6
Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-04-20

Mozilla Foundation reports:

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.

References

CVE Name CVE-2017-5436
URL https://github.com/silnrsi/graphite/commit/1ce331d5548b