Description
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file.
Statement
Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6, bundle a version (2.4.11) of freetype in gtk3-private, the version is not affected by this flaw because the vulnerable code was introduced in a subsequent version of freetype. The freetype package shipped with Red Hat Enterprise Linux 5 and 6 is not affected as the vulnerable code was introduced in a subsequent version of freetype. go-freetype as shipped with Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw because it ships a pure go implementation of freetype which does not include the vulnerable code.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Advanced Cluster Management for Kubernetes 2 | go-freetype | Not affected | ||
Red Hat Enterprise Linux 5 | freetype | Not affected | ||
Red Hat Enterprise Linux 6 | firefox | Not affected | ||
Red Hat Enterprise Linux 6 | freetype | Not affected | ||
Red Hat Enterprise Linux 6 | thunderbird | Not affected | ||
Red Hat Enterprise Linux 6 Supplementary | chromium-browser | Fixed | RHSA-2020:4351 | 26.10.2020 |
Red Hat Enterprise Linux 7 | freetype | Fixed | RHSA-2020:4907 | 04.11.2020 |
Red Hat Enterprise Linux 8 | freetype | Fixed | RHSA-2020:4952 | 05.11.2020 |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | freetype | Fixed | RHSA-2020:4949 | 05.11.2020 |
Red Hat Enterprise Linux 8.1 Extended Update Support | freetype | Fixed | RHSA-2020:4950 | 05.11.2020 |
Additional information
CVSS3: 8.6 High