Bug 867325 (CVE-2022-0496, CVE-2022-0497) - <media-gfx/openscad-2021.01-r4: multiple vulnerabilities
Summary: <media-gfx/openscad-2021.01-r4: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-0496, CVE-2022-0497
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords: PullRequest
Depends on: 867748
Blocks:
Reported: 2022-08-29 16:44 UTC by John Helmert III
Modified: 2022-09-03 15:59 UTC

See Also:
Package list:
Runtime testing required: ---
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-29 16:44:25 UTC
CVE-2022-0496 (https://github.com/openscad/openscad/issues/4037):

A vulnerability was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().

Patches: https://github.com/openscad/openscad/commit/770e3234cbfe66edbc0333f796b46d36a74aa652
https://github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41

CVE-2022-0497 (https://github.com/openscad/openscad/issues/4043):

A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.

Patch: https://github.com/openscad/openscad/commit/78a82cf31767bda6969d8ea2eb851dc24c12b4b0
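The bug class behind CVE-2022-0497 (a comment scanner that assumes every line, including the last one, ends in a newline) is easy to reproduce in miniature. The following C program is an added illustration written for this page; it is not OpenSCAD's parser and does not reproduce the upstream fix. It shows the fragile scan pattern next to a bounded one, and a small "//" line-comment extractor that treats the end of the buffer as a line terminator, so a .scad-style input with no trailing newline is handled without reading past the buffer. The sample input and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration of the defect class, not OpenSCAD code.
 * The fragile pattern walks forward until it sees '\n'. If the last
 * line of the buffer has no trailing newline, the loop runs past
 * buf[len-1] and reads out of bounds. Shown for contrast; not called. */
const char *fragile_line_end(const char *p)
{
    while (*p != '\n')      /* no bound check: may read beyond the buffer */
        p++;
    return p;
}

/* Hardened pattern: end-of-buffer is itself a line terminator. */
static const char *bounded_line_end(const char *p, const char *end)
{
    while (p < end && *p != '\n')
        p++;
    return p;
}

/* Count "//" line comments in a buffer of known length and copy the text
 * of the last one (without the "//") into `last` (may be NULL if lastsz
 * is 0). Never dereferences at or beyond buf + len, so a missing
 * trailing newline is harmless. Block comments are out of scope here. */
size_t count_line_comments(const char *buf, size_t len, char *last, size_t lastsz)
{
    const char *p = buf, *end = buf + len;
    size_t n = 0;
    if (lastsz)
        last[0] = '\0';
    while (p < end) {
        /* "//" needs two bytes: check the remaining length before p[1] */
        if (end - p >= 2 && p[0] == '/' && p[1] == '/') {
            const char *start = p + 2;
            const char *eol = bounded_line_end(start, end);
            size_t clen = (size_t)(eol - start);
            if (lastsz) {
                if (clen >= lastsz)
                    clen = lastsz - 1;   /* truncate rather than overflow */
                memcpy(last, start, clen);
                last[clen] = '\0';
            }
            n++;
            p = eol;
        } else {
            p++;
        }
    }
    return n;
}

/* Convenience check: does the last "//" comment of a NUL-terminated
 * source string equal `expect`? */
int last_comment_equals(const char *src, const char *expect)
{
    char last[128];
    count_line_comments(src, strlen(src), last, sizeof last);
    return strcmp(last, expect) == 0;
}

int main(void)
{
    /* constructed sample: the final line is a comment with NO trailing newline */
    const char src[] = "cube(10);\n// size [1:100]\nsphere(2); // radius";
    char last[64];
    size_t n = count_line_comments(src, sizeof src - 1, last, sizeof last);
    printf("%zu line comments, last: \"%s\"\n", n, last);
    return 0;
}
```

The point of the bounded variant is that the length of the input, not the presence of a sentinel byte, decides where scanning stops; the same discipline applies to the "//" lookahead, which checks that two bytes remain before touching p[1].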
Comment 1 Bernd 2022-08-31 07:27:51 UTC
Both issues are already addressed in -r4. See the patches ${FILESDIR}/${P}-CVE-2022-0496-Out-of-bounds-memory-access-in-DXF-loa.patch and ${FILESDIR}/${P}-CVE-2022-0497-Out-of-bounds-memory-access-in-comment.patch as well as the git log of the latest commit.
Comment 2 Bernd 2022-08-31 07:46:43 UTC
I was already thinking about stabilizing -r4, when this bug showed up. Going to open a stabilization request later this day.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-01 19:30:47 UTC
Ah, please remember to file security bugs when you notice security fixes! And now that stabilization is done, please clean up -r3.
Comment 4 Bernd 2022-09-02 14:12:11 UTC
Oh, no problem. Didn't know I should file a security bug in such cases.
Comment 5 Larry the Git Cow gentoo-dev 2022-09-02 16:50:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9ff34202290af6646ebe66f4549ac1117df6755

commit f9ff34202290af6646ebe66f4549ac1117df6755
Author:     Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2022-09-02 14:21:05 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-09-02 16:49:02 +0000

    media-gfx/openscad: drop 2021.01-r3
    
    Bug: https://bugs.gentoo.org/867325
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/27113
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-gfx/openscad/openscad-2021.01-r3.ebuild | 106 --------------------------
 1 file changed, 106 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-03 15:59:39 UTC
OOB read is not clearly exploitable, no GLSA. All done!