
Bug 799791 (CVE-2021-36081)

Summary: <app-text/tesseract-5.0.0: use after free vulnerability (CVE-2021-36081)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: minor
CC: chutzpah, voyageur
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-02 01:47:15 UTC
CVE-2021-36081:

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.


Fixed commit according to oss-fuzz: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55

The referenced strpbrk call doesn't appear to be in the deleted files in this
commit, so this may not be actually fixed.
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:09:42 UTC
Package list is empty or all packages have requested keywords.
Comment 8 Bernard Cafarelli gentoo-dev 2021-08-26 20:25:17 UTC
I have trouble finding where this use-after-free is, I do not *think* this was present in stable releases (4.x) and it is considered ok in current 5.0 beta if I read correctly?
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-26 22:02:45 UTC
(In reply to Bernard Cafarelli from comment #8)
> I have trouble finding where this use-after-free is, I do not *think* this
> was present in stable releases (4.x) and it is considered ok in current 5.0
> beta if I read correctly?

No, versions in CVE descriptions are almost always useless unless they explicitly state a fixed version.