799425 – (CVE-2021-36083, OSV-2021-695) <kde-frameworks/kimageformats-5.82.0: Stack buffer overflow (CVE-2021-36083)

Bug 799425 (CVE-2021-36083, OSV-2021-695) - <kde-frameworks/kimageformats-5.82.0: Stack buffer overflow (CVE-2021-36083)

Summary: <kde-frameworks/kimageformats-5.82.0: Stack buffer overflow (CVE-2021-36083)

Status:	IN_PROGRESS

Alias:	CVE-2021-36083, OSV-2021-695

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2021-07-01 05:31 UTC by Sam James
Modified:	2022-03-12 11:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2021-07-01 05:31:49 UTC

Description:
"KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE."


https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f 

Fix didn't seem to make it into 5.82.0.

Comment 1 Andreas Sturmlechner gentoo-dev

2021-07-01 07:58:25 UTC

https://mail.kde.org/pipermail/release-team/2021-May/012289.html

Nothing to do here.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:21:16 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:29:24 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:37:22 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:45:27 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:53:32 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:01:26 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:09:47 UTC

Package list is empty or all packages have requested keywords.

Comment 9 Reva Denis 2022-03-12 11:42:20 UTC

The issue should be closed