Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717254 (CVE-2020-11721, CVE-2020-19668) - media-libs/libsixel: Multiple vulnerabilities (CVE-2020-{11721,19668})
Summary: media-libs/libsixel: Multiple vulnerabilities (CVE-2020-{11721,19668})
Status: IN_PROGRESS
Alias: CVE-2020-11721, CVE-2020-19668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/saitoha/libsixel/i...
Whiteboard: B3 [upstream cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-12 20:09 UTC by Sam James
Modified: 2020-11-20 16:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-12 20:09:39 UTC
Description:
"load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service."

No fix upstream yet.
Comment 1 Sam James archtester gentoo-dev Security 2020-11-20 16:47:54 UTC
"Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6."

https://github.com/saitoha/libsixel/issues/136