CVSS Environment:
Asset Group: -
Collateral Damage Potential: -
Target Distribution: -
Confidentiality Requirement: -
Integrity Requirement: -
Availability Requirement: -
THREAT:
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.
Security Fix(es): freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
IMPACT:
On successful exploitation, it could allow an attacker to execute code.
SOLUTION:
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system (https://access.redhat.com/articles/11258) for details.
Refer to Red Hat security advisory RHSA-2020:4907 (https://access.redhat.com/errata/RHSA-2020:4907) to address this issue and obtain more
information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2020:4907: Red Hat Enterprise Linux (https://access.redhat.com/errata/RHSA-2020:4907)
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package     Installed Version       Required Version
freetype    2.4.11-15.el7.x86_64    2.8-14.el7_9.1