
Bug 839741 (CVE-2018-20545, CVE-2018-20546)

Summary: media-libs/libcaca: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: minor
CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-20 16:37:37 UTC
CVE-2018-20546 (https://github.com/cacalabs/libcaca/issues/38):

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

Patch: https://github.com/cacalabs/libcaca/commit/1022d97496c7899e8641515af363381b31ae2f05~

CVE-2018-20545 (https://github.com/cacalabs/libcaca/issues/37):

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

Patch: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592

Patches in 0.99_beta20.