CLD-415 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7475 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) cairo
Deficiency Type SECURITY
Date Created 2018-05-28 15:32:01
Date Last Modified 2018-05-29 10:21:09

Version Specific Information:

Cucumber 1.0 i686fixed in cairo-1.14.8-i686-5
Cucumber 1.0 x86_64fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5

Cucumber 1.1 i686 fixed in cairo-1.14.8-i686-5
Cucumber 1.1 x86_64 fixed in cairo-1.14.8-x86_64-5 and cairo-lib_i686-1.14.8-lib_i686-5


=================================== Overview ===================================

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the
FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. 

================================ Initial Report ================================



## Overview
I and my colleague have found a vulnerability of Cairo-1.15.4 when fuzzing
HarfBuzz with AFL.
Cairo is a 2d graphics library, and HarBuzz is an OpenType text shaping
engine which contains a tool named *hb-view* to give a graphical view of
text using Cairo with a font provided by user.
Owing to logical problem in program, the crash happens during null pointer
deference and the vulnerability will cause a denial-of-service attack with
a crafted font file.

## Note
I have reported this issue to cairo and here is the link:

When I disclosure to Red Hat Product Security, they suggest me to use
CVE-2017-7475 for this issue and I have communicated this number to

============================ Additional Information ============================

See Original bug report at:

See SUSE bug report at:

================================= Our Analysis =================================

----- Affected Products -----
Versions of cairo that have not had the patch from applied are vulnerable.
This includes cairo as originally packaged in Cucumber Linux 1.0 and 1.1.

----- Scope and Impact of this Vulnerability -----
Allows for a denial of service.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt.