GNU FriBidi: Heap-based buffer overflow

2020-03-19T00:00:00
ID GLSA-202003-41
Type gentoo
Reporter Gentoo Foundation
Modified 2020-03-19T00:00:00

Description

Background

The Free Implementation of the Unicode Bidirectional Algorithm.

Description

A heap-based buffer overflow vulnerability was found in GNU FriBidi.

Impact

A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All FriBidi users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/fribidi-1.0.8"