Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 851774 (CVE-2022-2061)

Summary: <media-gfx/chafa-1.12.4: heap buffer overflow
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: jsmolic
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://huntr.dev/bounties/365ab61f-9a63-421c-97e6-21d4653021f0
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-14 00:10:25 UTC 
CVE-2022-2061 (https://github.com/hpjansson/chafa/commit/e6ce3746cdcf0836b9dae659a5aed15d73a080d8):

Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.

The patch isn't actually in 1.12.0.
Comment 1 Jakov Smolić archtester gentoo-dev 2023-04-11 10:49:14 UTC 
Latest chafa version (1.12.4) has already been added and stabilized in the meantime, security@ can proceed with wrangling this bug.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:11:11 UTC 
Thanks! Only an overread, all done.