CVE-2021-33293: Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. Can't tell if the patch has made it into any release.
CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74): https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/ A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.
(In reply to John Helmert III from comment #1) > CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74): > https://sourceforge.net/p/panotools/libpano13/ci/ > 62aa7eed8fae5d8f247a2508a757f31000de386f/ > > A null pointer dereference was found in libpano13, version libpano13-2.9.20. > The flow allows attackers to cause a denial of service and potential code > execute via a crafted file. This is fixed in 2.9.21.
(In reply to John Helmert III from comment #0) > CVE-2021-33293: > > Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds > read in the function panoParserFindOLine() in parser.c. > > Can't tell if the patch has made it into any release. So is this, both CVEs refer to the same problem and commit. Please remove the vulnerable version 2.9.20-r3.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=838f05e0c52af5c463eafd6c4f5efabde917dd30 commit 838f05e0c52af5c463eafd6c4f5efabde917dd30 Author: Markus Meier <maekke@gentoo.org> AuthorDate: 2024-05-17 18:54:22 +0000 Commit: Markus Meier <maekke@gentoo.org> CommitDate: 2024-05-17 18:54:22 +0000 media-libs/libpano13: remove old Bug: https://bugs.gentoo.org/835080 Signed-off-by: Markus Meier <maekke@gentoo.org> media-libs/libpano13/Manifest | 1 - media-libs/libpano13/libpano13-2.9.20-r3.ebuild | 39 ------------------------- 2 files changed, 40 deletions(-)
