Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in cairo-1.14.8-i686-5 |
|Cucumber 1.0 x86_64||fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5 |
|Cucumber 1.1 i686||fixed in cairo-1.14.8-i686-5 |
|Cucumber 1.1 x86_64||fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5 |
=================================== Overview ===================================
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the
FT_Load_Glyph and FT_Render_Glyph functions, resulting in an application crash.
================================ Initial Report ================================
My colleague and I have found a vulnerability in Cairo-1.15.4 when fuzzing
HarfBuzz with AFL.
Cairo is a 2d graphics library, and HarfBuzz is an OpenType text shaping
engine which contains a tool named *hb-view* to give a graphical view of
text using Cairo with a font provided by the user.
Owing to a logical problem in the program, the crash happens during a null pointer
dereference, and the vulnerability will cause a denial-of-service attack with
a crafted font file.
I have reported this issue to cairo and here is the link:
When I disclosed this to Red Hat Product Security, they suggested that I use
CVE-2017-7475 for this issue, and I have communicated this number to
============================ Additional Information ============================
See Original bug report at:
See SUSE bug report at:
================================= Our Analysis =================================
----- Affected Products -----
Versions of cairo that have not had the patch from
https://bugs.freedesktop.org/attachment.cgi?id=131213 applied are vulnerable.
This includes cairo as originally packaged in Cucumber Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
Allows for a denial of service: a crafted font file crashes any application that
renders it through cairo's FreeType backend.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from
https://bugs.freedesktop.org/attachment.cgi?id=131213.
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt.
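The following script is an added example and not part of the original advisory or of the Cucumber Linux tooling. It takes the fixed package names from the version table at the top of this advisory and reports whether a set of installed Slackware-style package names (name-version-arch-build) is at or above the fixed build. The list of installed packages is constructed sample input; the `/var/log/packages` directory it can optionally read is an assumed location on Slackware-derived systems.

```python
"""Check installed cairo packages against the fixed builds named in the
CVE-2017-7475 advisory for Cucumber Linux.

Added example, not the advisory's own code. FIXED holds the package names
from the advisory's version table; INSTALLED_SAMPLE is constructed input.
"""
import os
import re
from typing import Dict, List, NamedTuple, Tuple


class Package(NamedTuple):
    name: str
    version: str
    arch: str
    build: int


# Fixed package names from the advisory, keyed by (Cucumber release, arch).
FIXED: Dict[Tuple[str, str], List[str]] = {
    ("1.0", "i686"): ["cairo-1.14.8-i686-5"],
    ("1.0", "x86_64"): ["cairo-1.14.8-x86_64-5", "cairo-lib_i686-1.14.8-lib_i686-5"],
    ("1.1", "i686"): ["cairo-1.14.8-i686-5"],
    ("1.1", "x86_64"): ["cairo-1.14.8-x86_64-5", "cairo-lib_i686-1.14.8-lib_i686-5"],
}

# Constructed sample of installed package names: cairo one build too old,
# the 32-bit compatibility library already at the fixed build.
INSTALLED_SAMPLE = [
    "cairo-1.14.8-x86_64-4",
    "cairo-lib_i686-1.14.8-lib_i686-5",
    "freetype-2.7.1-x86_64-1",
]


def parse_package(pkg: str) -> Package:
    """Split name-version-arch-build from the right, so hyphens inside the
    package name (e.g. cairo-lib_i686) stay part of the name."""
    parts = pkg.rsplit("-", 3)
    if len(parts) != 4:
        raise ValueError(f"not a name-version-arch-build package name: {pkg!r}")
    name, version, arch, build = parts
    m = re.match(r"\d+", build)  # build may carry a tag suffix, e.g. 5_cucumber
    if m is None:
        raise ValueError(f"build field is not numeric in {pkg!r}")
    return Package(name, version, arch, int(m.group()))


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric tuple for comparing dotted versions (1.14.8 sorts below 1.14.10)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_fixed(installed: Package, fixed: Package) -> bool:
    """True when the same package name/arch is at or above the fixed version+build."""
    if installed.name != fixed.name or installed.arch != fixed.arch:
        return False
    return (version_key(installed.version), installed.build) >= (
        version_key(fixed.version), fixed.build)


def audit(release: str, arch: str, installed_names: List[str]) -> Dict[str, str]:
    """Map each fixed package for (release, arch) to 'ok', 'vulnerable' or 'missing'."""
    installed = [parse_package(n) for n in installed_names]
    results: Dict[str, str] = {}
    for fixed_name in FIXED[(release, arch)]:
        fixed = parse_package(fixed_name)
        matches = [p for p in installed if p.name == fixed.name and p.arch == fixed.arch]
        if not matches:
            results[fixed_name] = "missing"
        elif any(is_fixed(p, fixed) for p in matches):
            results[fixed_name] = "ok"
        else:
            results[fixed_name] = "vulnerable"
    return results


def installed_from_log(path: str = "/var/log/packages") -> List[str]:
    """Read installed package names from the Slackware-style package log
    (assumed location); each entry is a file named after the package."""
    return sorted(os.listdir(path))


if __name__ == "__main__":
    for pkg, status in audit("1.1", "x86_64", INSTALLED_SAMPLE).items():
        print(f"{status:10s} {pkg}")
```

The comparison treats any later version or build of the same Cucumber package as fixed, which matches how the distribution ships updates; it says nothing about a cairo built from upstream source (the 1.15.4 release named in the overview is not a Cucumber package and would need the patch applied by hand).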