Bug#1010671: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text
- To: team@security.debian.org
- Cc: Neil Williams <codehelp@debian.org>, 1010671@bugs.debian.org, debian-lts@lists.debian.org
- Subject: Bug#1010671: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text
- From: Simon McVittie <smcv@debian.org>
- Date: Wed, 20 Jul 2022 10:52:48 +0100
- Message-id: <YtfQcNehbJOff/WP@momentum.pseudorandom.co.uk>
- In-reply-to: <165184710065.14276.14577062705715386617.reportbug@debian-sid.codehelp>
- References: <165184710065.14276.14577062705715386617.reportbug@debian-sid.codehelp> <165184710065.14276.14577062705715386617.reportbug@debian-sid.codehelp>
Control: unarchive -1
Control: tags -1 + bookworm sid
On Fri, 06 May 2022 at 15:25:00 +0100, Neil Williams wrote:
> CVE-2022-27470[0]:
> | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
> | memory write via the function TTF_RenderText_Solid(). This
> | vulnerability is triggered via a crafted TTF file.

buster and bullseye (which happen to have an identical libsdl2-ttf
version) do not appear to be vulnerable to this. The code that has
the overflow seems to have been introduced in commit 31589bd "Wrapped
functions, Optimized routines, Lsb/Rsb positioning, Subpixel Hinting"
shortly after 2.0.15, so it isn't in buster or bullseye.

I haven't looked at stretch, which has an even older version, but I
suspect the same is true there.

smcv