810034 – (CVE-2021-38714) media-libs/plib: integer overflow leading to code execution (CVE-2021-38714)

Bug 810034 (CVE-2021-38714) - media-libs/plib: integer overflow leading to code execution (CVE-2021-38714)

Summary: media-libs/plib: integer overflow leading to code execution (CVE-2021-38714)

Status:	CONFIRMED

Alias:	CVE-2021-38714

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://sourceforge.net/p/plib/bugs/55/
Whiteboard:	B2 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2021-08-24 16:42 UTC by John Helmert III
Modified:	2021-08-24 16:42 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-08-24 16:42:06 UTC

CVE-2021-38714:

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.


According to URL:

"PLIB has been obsolete and unmaintained for at LEAST 15 years!!

Good catch...but it's not ever getting fixed."

Quite problematic given it seems to have a few revdeps in Gentoo.