Summary: | media-libs/libsixel: Multiple vulnerabilities (CVE-2020-{11721,19668}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | ajak, hattya |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/saitoha/libsixel/issues/134 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=674620 https://github.com/libsixel/libsixel/pull/47 |
||
Whiteboard: | B3 [ebuild cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-04-12 20:09:39 UTC
"Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6." https://github.com/saitoha/libsixel/issues/136 The linked upstream seems to be dead, and there's a fork with fixes to both issues: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 Please bump and use the new upstream. *** Bug 783516 has been marked as a duplicate of this bug. *** CVE-2020-36120 (https://github.com/saitoha/libsixel/issues/143): Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8990f8a32cf506e4d47ae6c365ab121227a925da commit 8990f8a32cf506e4d47ae6c365ab121227a925da Author: Akinori Hattori <hattya@gentoo.org> AuthorDate: 2021-10-01 13:51:31 +0000 Commit: Akinori Hattori <hattya@gentoo.org> CommitDate: 2021-10-01 13:51:31 +0000 media-libs/libsixel: new upstream release Bug: https://bugs.gentoo.org/717254 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Akinori Hattori <hattya@gentoo.org> media-libs/libsixel/Manifest | 1 + media-libs/libsixel/files/libsixel-meson.patch | 65 ++++++++++++++++++++ media-libs/libsixel/libsixel-1.10.3.ebuild | 85 ++++++++++++++++++++++++++ media-libs/libsixel/metadata.xml | 1 + 4 files changed, 152 insertions(+) Looks like the last CVE hasn't been fixed in libsixel/libsixel, reported at: https://github.com/libsixel/libsixel/issues/46 Looks like that upstream PR to fix the vulnerability by changing API got never merged, unfortunately. |