
Bug 847985 (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614)

Summary: <app-text/halibut-1.3: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://carteryagemann.com/halibut-case-study.html
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 848528    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:32:26 UTC
CVE-2021-42614:

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

CVE-2021-42613:

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVE-2021-42612:

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

Emailed the guy at URL to inquire about upstream report(s)/fixes.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-29 16:22:40 UTC
Dr. Yagemann claims the issues are fixed in 1.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-02 03:54:06 UTC
Thanks! Please clean up