Summary: | <app-text/tesseract-5.0.0: use after free vulnerability (CVE-2021-36081) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | chutzpah, voyageur |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-07-02 01:47:15 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. I have trouble finding where this use-after-free is, I do not *think* this was present in stable releases (4.x) and it is considered ok in current 5.0 beta if I read correctly? (In reply to Bernard Cafarelli from comment #8) > I have trouble finding where this use-after-free is, I do not *think* this > was present in stable releases (4.x) and it is considered ok in current 5.0 > beta if I read correctly? No, versions in CVE descriptions are almost always useless unless they explicitly state a fixed version. |