Bug 775629 (CVE-2020-36277, CVE-2020-36278, CVE-2020-36279, CVE-2020-36280, CVE-2020-36281) - <media-libs/leptonica-1.80.0: multiple vulnerabilities (CVE-2020-{36277,36278,36279,36280,36281})
Summary: <media-libs/leptonica-1.80.0: multiple vulnerabilities (CVE-2020-{36277,36278...
Status: CONFIRMED
Alias: CVE-2020-36277, CVE-2020-36278, CVE-2020-36279, CVE-2020-36280, CVE-2020-36281
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable?]
Keywords: STABLEREQ
Depends on:
Blocks: EAPI6Removal
Reported: 2021-03-12 13:46 UTC by John Helmert III
Modified: 2021-04-18 22:40 UTC

See Also:
Package list:
media-libs/leptonica-1.80.0 *
Runtime testing required: ---
nattka: sanity-check+


Description John Helmert III gentoo-dev Security 2021-03-12 13:46:49 UTC
CVE-2020-36281:

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
Comment 1 John Helmert III gentoo-dev Security 2021-03-13 04:17:29 UTC
CVE-2020-36277:

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

CVE-2020-36278:

Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.

CVE-2020-36279:

Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

CVE-2020-36280:

Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
Comment 2 Andreas Sturmlechner gentoo-dev 2021-04-18 22:37:12 UTC
I understand we have 1.80.0 in tree since last August.