SB2017050127 - Heap-based buffer overflow in freetype (Alpine package)
Published: May 1, 2017
Security Bulletin ID
SB2017050127
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-8287)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists in the t1_builder_close_contour function due to heap-based buffer overflow. A remote attacker can trigger out-of-bounds write and execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=686283c246936ebea184fd5c9b82d35b373bc6a8
- https://git.alpinelinux.org/aports/commit/?id=7a7493c33286ca7e43c8171cd6fad02bd13574c8
- https://git.alpinelinux.org/aports/commit/?id=89c7aef675e52f6296314b9c79c495732c7b5809
- https://git.alpinelinux.org/aports/commit/?id=b214882eb550b57e1a6f1c44dfdd338ad11850f9
- https://git.alpinelinux.org/aports/commit/?id=c5817a33b6ca1ed535e773a879e359fb32c39aa1
- https://git.alpinelinux.org/aports/commit/?id=e4bb22b94325a5d26f07a717475760c410e49f25
- https://git.alpinelinux.org/aports/commit/?id=5c9c87da94bc8d71f77e53686827b3935ac9ae50
- https://git.alpinelinux.org/aports/commit/?id=1050b6acec33be8e4a2e6838971c4861b62bbf9d