libcaca.so is vulnerable to illegal memory access. The vulnerability exists because the function load_image in common-image.c does not allocate the proper size of memory for the w and h parameters in the BMP loader, causing an integer overflow for 4bpp data.
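An added example, not code from libcaca or from this advisory: one way a BMP loader can validate header-supplied width and height and compute its buffer sizes without integer overflow, including the packed 4bpp row stride. The names unchecked_size, bmp_row_stride and bmp_plan, the MAX_DIM cap, the accepted bit depths and the 4-bytes-per-pixel output format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 16384u   /* assumed policy cap, not a libcaca constant */
#define OUT_BPP 4u       /* assumed decoded format: 4 bytes per pixel */

/* Unchecked pattern: 32-bit arithmetic on header fields wraps silently. */
uint32_t unchecked_size(uint32_t w, uint32_t h)
{
    return w * h * OUT_BPP;
}

/* Bytes per source row; BMP rows are padded to a multiple of 4 bytes. */
size_t bmp_row_stride(uint32_t w, uint32_t bpp)
{
    return (((size_t)w * bpp + 31u) / 32u) * 4u;
}

/* Validate header fields, then compute both buffer sizes.
 * Returns 0 on success, -1 if the header must be rejected. */
int bmp_plan(uint32_t w, uint32_t h, uint32_t bpp,
             size_t *src_bytes, size_t *dst_bytes)
{
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;                      /* assumed set of accepted depths */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return -1;                      /* bound dimensions before any multiply */
    size_t stride = bmp_row_stride(w, bpp);
    if (stride > SIZE_MAX / h)
        return -1;
    size_t px = (size_t)w * h;          /* at most 2^28 after the cap */
    if (px > SIZE_MAX / OUT_BPP)
        return -1;
    *src_bytes = stride * h;            /* packed source rows, e.g. 4bpp */
    *dst_bytes = px * OUT_BPP;          /* decoded pixel buffer */
    return 0;
}

int main(void)
{
    size_t src = 0, dst = 0;
    /* Constructed header values, not taken from a real file. */
    printf("unchecked 65536x65536: %u bytes\n", (unsigned)unchecked_size(65536u, 65536u));
    printf("checked 65536x65536: %d\n", bmp_plan(65536u, 65536u, 4, &src, &dst));
    if (bmp_plan(5, 3, 4, &src, &dst) == 0)
        printf("5x3 at 4bpp: src=%zu dst=%zu\n", src, dst);
    return 0;
}
```
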
lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html
bugzilla.redhat.com/show_bug.cgi?id=1652621
github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
github.com/cacalabs/libcaca/issues/37
lists.fedoraproject.org/archives/list/[email protected]/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/
lists.fedoraproject.org/archives/list/[email protected]/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/
lists.fedoraproject.org/archives/list/[email protected]/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/
usn.ubuntu.com/3860-1/
usn.ubuntu.com/3860-2/