1 |
type: security |
2 |
subject: Updated fribidi packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2019-18397 |
5 |
src: |
6 |
7: |
7 |
core: |
8 |
- fribidi-1.0.5-2.1.mga7 |
9 |
description: | |
10 |
Updated fribidi packages fix security vulnerability: |
11 |
|
12 |
A stack buffer overflow in the fribidi_get_par_embedding_levels_ex() |
13 |
function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows |
14 |
an attacker to cause a denial of service or possibly execute arbitrary |
15 |
code by delivering crafted text content to a user, when this content is |
16 |
then rendered by an application that uses FriBidi for text layout |
17 |
calculations (CVE-2019-18397). |
18 |
references: |
19 |
- https://bugs.mageia.org/show_bug.cgi?id=25673 |
20 |
- https://www.openwall.com/lists/oss-security/2019/11/08/5 |
21 |
ID: MGASA-2019-0325 |