Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717254 (CVE-2020-11721, CVE-2020-19668, CVE-2020-36120) - media-libs/libsixel: Multiple vulnerabilities (CVE-2020-{11721,19668})
Summary: media-libs/libsixel: Multiple vulnerabilities (CVE-2020-{11721,19668})
Status: IN_PROGRESS
Alias: CVE-2020-11721, CVE-2020-19668, CVE-2020-36120
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/saitoha/libsixel/i...
Whiteboard: B3 [ebuild cve]
Keywords:
: 783516 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-04-12 20:09 UTC by Sam James
Modified: 2021-10-02 14:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-12 20:09:39 UTC
Description:
"load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service."

No fix upstream yet.
Comment 1 Sam James archtester gentoo-dev Security 2020-11-20 16:47:54 UTC
"Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6."

https://github.com/saitoha/libsixel/issues/136
Comment 2 John Helmert III gentoo-dev Security 2021-06-12 16:35:23 UTC
The linked upstream seems to be dead, and there's a fork with fixes to both issues:

https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55
https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968

Please bump and use the new upstream.
Comment 3 John Helmert III gentoo-dev Security 2021-09-18 14:27:07 UTC
*** Bug 783516 has been marked as a duplicate of this bug. ***
Comment 4 John Helmert III gentoo-dev Security 2021-09-18 14:30:10 UTC
CVE-2020-36120 (https://github.com/saitoha/libsixel/issues/143):

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
Comment 5 Larry the Git Cow gentoo-dev 2021-10-01 13:52:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8990f8a32cf506e4d47ae6c365ab121227a925da

commit 8990f8a32cf506e4d47ae6c365ab121227a925da
Author:     Akinori Hattori <hattya@gentoo.org>
AuthorDate: 2021-10-01 13:51:31 +0000
Commit:     Akinori Hattori <hattya@gentoo.org>
CommitDate: 2021-10-01 13:51:31 +0000

    media-libs/libsixel: new upstream release
    
    Bug: https://bugs.gentoo.org/717254
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 media-libs/libsixel/Manifest                   |  1 +
 media-libs/libsixel/files/libsixel-meson.patch | 65 ++++++++++++++++++++
 media-libs/libsixel/libsixel-1.10.3.ebuild     | 85 ++++++++++++++++++++++++++
 media-libs/libsixel/metadata.xml               |  1 +
 4 files changed, 152 insertions(+)
Comment 6 John Helmert III gentoo-dev Security 2021-10-02 14:04:29 UTC
Looks like the last CVE hasn't been fixed in libsixel/libsixel, reported at:

https://github.com/libsixel/libsixel/issues/46