Bug 799425 (CVE-2021-36083, OSV-2021-695)

Summary:	<kde-frameworks/kimageformats-5.82.0: Stack buffer overflow (CVE-2021-36083)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---

Description Sam James archtester

2021-07-01 05:31:49 UTC

Description:
"KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE."


https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f 

Fix didn't seem to make it into 5.82.0.

Comment 1 Andreas Sturmlechner gentoo-dev

2021-07-01 07:58:25 UTC

https://mail.kde.org/pipermail/release-team/2021-May/012289.html

Nothing to do here.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:21:16 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:29:24 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:37:22 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:45:27 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:53:32 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:01:26 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:09:47 UTC

Package list is empty or all packages have requested keywords.

Comment 9 Reva Denis 2022-03-12 11:42:20 UTC

The issue should be closed