Advisories » MGASA-2016-0264

Updated harfbuzz packages fix security vulnerability

Publication date: 26 Jul 2016
Modification date: 26 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8947 , CVE-2016-2052

Description

Two memory access issues, including a heap-based buffer overflow
(CVE-2015-8947) and incorrect table length check (CVE-2016-2052) could
lead to a denial of service when rendering a crafted OpenType font.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18971
• http://openwall.com/lists/oss-security/2016/07/17/8
• http://openwall.com/lists/oss-security/2016/07/19/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052

SRPMS

5/core

• harfbuzz-0.9.36-1.1.mga5