Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21923

HistoryNov 07, 2019 - 5:51 a.m.

Illegal Memory Access

2019-11-0705:51:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

EPSS

0.003

Percentile

69.1%

libcaca.so is vulnerable to illegal memory access. The vulnerability exists because the function load_image in common-image.c does not allocate proper size of memory for w and h parameters in BMP loader, causing an integer overflow for 4bpp data.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html

bugzilla.redhat.com/show_bug.cgi?id=1652621

github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592

github.com/cacalabs/libcaca/issues/37

lists.fedoraproject.org/archives/list/[email protected]/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/

lists.fedoraproject.org/archives/list/[email protected]/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/

lists.fedoraproject.org/archives/list/[email protected]/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/

usn.ubuntu.com/3860-1/

usn.ubuntu.com/3860-2/

EPSS

0.003

Percentile

69.1%

Related for VERACODE:21923

debiancve1 osv1 cve1 cvelist1 prion1 alpinelinux1 ubuntucve1 nvd1 openvas10 nessus5 suse1 rosalinux1 ubuntu2 mageia1 fedora3