Lucene search

Gentoo FoundationMGASA-2021-0476

HistoryOct 13, 2021 - 10:39 p.m.

Updated plib packages fix security vulnerability

2021-10-1322:39:52

Gentoo Foundation

advisories.mageia.org

integer overflow

arbitrary code execution

plib packages

ssgloadtga() function

security vulnerability

unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.1%

JSON

Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchplib< 1.8.5-13.1plib-1.8.5-13.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	plib	< 1.8.5-13.1	plib-1.8.5-13.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29528

www.debian.org/lts/security/2021/dla-2775

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.1%

JSON

Related for MGASA-2021-0476