CVE-2021-33293:

Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.

Can't tell if the patch has made it into any release.

CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74):
https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.

(In reply to John Helmert III from comment #1)
> CVE-2021-33798 (https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74):
> https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/
>
> A null pointer dereference was found in libpano13, version libpano13-2.9.20.
> The flow allows attackers to cause a denial of service and potential code
> execute via a crafted file.

This is fixed in 2.9.21.

(In reply to John Helmert III from comment #0)
> CVE-2021-33293:
>
> Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds
> read in the function panoParserFindOLine() in parser.c.
>
> Can't tell if the patch has made it into any release.

So is this; both CVEs refer to the same problem and commit.

Please remove the vulnerable version 2.9.20-r3.