Headline
CVE-2022-33068: UndefinedBehaviorSanitizer: signed integer overflow · Issue #3557 · harfbuzz/harfbuzz
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
****Describe the bug****
UndefinedBehaviorSanitizer: signed integer overflow in hb-ot-shape-fallback.cc
****To Reproduce****
Built harfbuzz-shape-fuzzer using clang-10 according to the oss-fuzz script with CXXFLAGS=’-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr’
commit: 7f7ebdc
****UBSAN Output****
$ ./hb-shape-fuzzer id:000000,sig:06,src:014111,time:17042722,op:havoc,rep:2,trial:1
INFO: Seed: 3794760496
INFO: Loaded 1 modules (85057 inline 8-bit counters): 85057 [0x1066033, 0x107ac74),
INFO: Loaded 1 PC tables (85057 PCs): 85057 [0x107ac78,0x11c7088),
hb-shape-fuzzer: Running 1 inputs 1 time(s) each.
Running: id:000000,sig:06,src:014111,time:17042722,op:havoc,rep:2,trial:1
harfbuzz/src/hb-ot-shape-fallback.cc:262:67: runtime error: signed integer overflow: 6 - -2147483648 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior harfbuzz/src/hb-ot-shape-fallback.cc:262:67 in
harfbuzz/src/hb-ot-shape-fallback.cc:279:45: runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior harfbuzz/src/hb-ot-shape-fallback.cc:279:45 in
harfbuzz/src/hb-ot-shape-fallback.cc:279:67: runtime error: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior harfbuzz/src/hb-ot-shape-fallback.cc:279:67 in
Executed id:000000,sig:06,src:014111,time:17042722,op:havoc,rep:2,trial:1 in 4 ms
testcase:
harfbuzz-shape-fuzzer.zip
Related news
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
Gentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.
Ubuntu Security Notice 5524-1 - It was discovered that HarfBuzz incorrectly handled certain glyph sizes. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service.