Lucene search

K

Veracode Vulnerability DatabaseVERACODE:30379

HistoryMay 07, 2021 - 6:36 a.m.

Arbitrary Code Execution

2021-05-0706:36:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

19

arbitrary code execution

use-after-free

heap memory corruption

privilege escalation

dirfile database

encoding file.

EPSS

0.011

Percentile

84.8%

libgetdata.so is vulnerable to arbitrary code execution. A use-after-free allows an attacker to send a malicious dirfile database to trigger a heap memory corruption via the function _GD_Supports() in encoding.c, leading to an arbitrary code execution or privilege escalation.

References

bugzilla.redhat.com/show_bug.cgi?id=1956348

lists.debian.org/debian-lts-announce/2021/05/msg00015.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43JTGEMYMCTHD3LHFD7ENBNSWCNBCYEY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GB7T7DW7XRPJOUE25ZE7GF244FPCHBWY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OE23HBLIVKVPOQ5MVADWPOCFMREVF4QZ/

lists.fedoraproject.org/archives/list/[email protected]/message/43JTGEMYMCTHD3LHFD7ENBNSWCNBCYEY/

lists.fedoraproject.org/archives/list/[email protected]/message/GB7T7DW7XRPJOUE25ZE7GF244FPCHBWY/

lists.fedoraproject.org/archives/list/[email protected]/message/OE23HBLIVKVPOQ5MVADWPOCFMREVF4QZ/

EPSS

0.011

Percentile

84.8%

Related for VERACODE:30379

prion1 fedora3 openvas5 cvelist1 nessus2 osv1 nvd1 cve1 debiancve1 debian1 ubuntucve1 suse1