CLD-415 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7475 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) cairo
Deficiency Type SECURITY
Date Created 2018-05-28 15:32:01
Date Last Modified 2018-05-29 10:21:09

Version Specific Information:

Cucumber 1.0 i686 fixed in cairo-1.14.8-i686-5
Cucumber 1.0 x86_64 fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5

Cucumber 1.1 i686 fixed in cairo-1.14.8-i686-5
Cucumber 1.1 x86_64 fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5

Details:

=================================== Overview ===================================

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to
FT_Load_Glyph and FT_Render_Glyph, resulting in an application crash.

================================ Initial Report ================================

From http://seclists.org/oss-sec/2017/q2/151:

Hello,

## Overview
My colleague and I have found a vulnerability in Cairo-1.15.4 while fuzzing
HarfBuzz with AFL.
Cairo is a 2D graphics library, and HarfBuzz is an OpenType text shaping
engine which contains a tool named *hb-view* to give a graphical view of
text using Cairo with a font provided by the user.
Owing to a logical problem in the program, the crash happens during a null
pointer dereference, and the vulnerability will cause a denial-of-service
attack with a crafted font file.

## Note
I have reported this issue to cairo and here is the link:
https://bugs.freedesktop.org/show_bug.cgi?id=100763.

When I disclosed this to Red Hat Product Security, they suggested that I use
CVE-2017-7475 for this issue, and I have communicated this number to
upstream.

============================ Additional Information ============================

See the original bug report at:
https://bugs.freedesktop.org/show_bug.cgi?id=100763#c6

See the SUSE bug report at:
https://bugzilla.suse.com/show_bug.cgi?id=1036789

================================= Our Analysis =================================

----- Affected Products -----
Versions of cairo that have not had the patch from
https://bugs.freedesktop.org/attachment.cgi?id=131213 applied are vulnerable.
This includes cairo as originally packaged in Cucumber Linux 1.0 and 1.1.

----- Scope and Impact of this Vulnerability -----
Allows for a denial of service.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from
https://bugs.freedesktop.org/attachment.cgi?id=131213.

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt.