97986 – Graphite code execution vulnerability

Bug 97986 - Graphite code execution vulnerability

Summary: Graphite code execution vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	graphics stack (show other bugs)
Version: (earliest affected)	unspecified
Hardware:	All All

Importance:	medium normal
Assignee:	Not Assigned

URL:
Whiteboard:
Keywords:	security

Depends on:
Blocks:

Reported:	2016-02-18 19:43 UTC by gandalf
Modified:	2016-02-18 20:06 UTC (History)
CC List:	1 user (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description gandalf 2016-02-18 19:43:04 UTC

Holger Fuhrmannek discovered that missing input sanitising in the
Graphite font rendering engine could result in the execution of arbitrary
code.

http://www.talosintel.com/reports/TALOS-2016-0058/

After looking for information about the version of libreoffice that fixes this issue, I could not find any indication of such a patch, assuming the issue still exists in libreoffice. Sorry if this is a duplicate.

Comment 1 Maxim Monastirsky 2016-02-18 20:06:01 UTC

For master:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=c64ea526dc71da6e3aad188ac71e58047ed74b5a

For 5-1 (should be already in 5.1.1 RC1):

https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-1&id=f26f5226542c8a707eda3dcd8a9f81fbbf0342c0

For 5-0 (towards 5.0.6):

https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-0&id=d2ef084eb0e26b5ee18133269249e7a80efb23d6

Note that Linux distros usually build against system graphite, so it's up to them to update it.