Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-04
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
| Products | Libgxps, Leap, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html
• https://access.redhat.com/errata/RHSA-2018:3505 • https://access.redhat.com/errata/RHSA-2018:3140 • https://access.redhat.com/errata/RHBA-2019:0327 • https://bugzilla.redhat.com/show_bug.cgi?id=1574844 |