824290 – (CVE-2021-33479, CVE-2021-33480, CVE-2021-33481) app-text/gocr: multiple vulnerabilities (CVE-2021-{33479,33480,33481})

Bug 824290 (CVE-2021-33479, CVE-2021-33480, CVE-2021-33481) - app-text/gocr: multiple vulnerabilities (CVE-2021-{33479,33480,33481})

Summary: app-text/gocr: multiple vulnerabilities (CVE-2021-{33479,33480,33481})

Status:	CONFIRMED

Alias:	CVE-2021-33479, CVE-2021-33480, CVE-2021-33481

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2021-11-17 23:01 UTC by John Helmert III
Modified:	2021-11-17 23:01 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-11-17 23:01:37 UTC

CVE-2021-33479 (https://sourceforge.net/p/jocr/bugs/39/):

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.

CVE-2021-33480 (https://sourceforge.net/p/jocr/bugs/41/):
https://sourceforge.net/p/jocr/bugs/40/

An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.

CVE-2021-33481 (https://sourceforge.net/p/jocr/bugs/42/):

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.

All appear unfixed upstream.