CVE-2018-20546 (https://github.com/cacalabs/libcaca/issues/38): There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Patch: https://github.com/cacalabs/libcaca/commit/1022d97496c7899e8641515af363381b31ae2f05~ CVE-2018-20545 (https://github.com/cacalabs/libcaca/issues/37): There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Patch: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 Patches in 0.99_beta20.
Looks like this was addressed in: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e49df2222085dded48b58473bc2fd6347f8352f
Interesting. There's 3 new CVEs in that commit message which aren't tracked by a Gentoo bug: CVE-2018-20544 CVE-2018-20547 CVE-2018-20549 And looks like the patch named "CVE-2018-20545+20547+20549.patch" actually fixes -20545, -20548, and -20549 according to the upstream commit message: """ Fixes: #37 (CVE-2018-20545) Fixes: #40 (CVE-2018-20548) Fixes: #41 (CVE-2018-20549) """