Summary: | <media-libs/libpano13-2.9.21: oob read | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | maekke |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/ | ||
Whiteboard: | B3 [glsa? cleanup] | ||
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2022-03-13 14:17:42 UTC
CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74): https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.

(In reply to John Helmert III from comment #1)
> CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74):
> https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/
>
> A null pointer dereference was found in libpano13, version libpano13-2.9.20.
> The flow allows attackers to cause a denial of service and potential code
> execute via a crafted file.

This is fixed in 2.9.21.

(In reply to John Helmert III from comment #0)
> CVE-2021-33293:
>
> Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds
> read in the function panoParserFindOLine() in parser.c.
>
> Can't tell if the patch has made it into any release.

So is this, both CVEs refer to the same problem and commit.

Please remove the vulnerable version 2.9.20-r3.