Description
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libsixel | fixed | 1.8.2-2 | | package |
| libsixel | fixed | 1.8.2-1+deb10u1 | buster | package |
| libsixel | fixed | 1.5.2-2+deb9u1 | stretch | package |
| libsixel | not-affected | | jessie | package |
Notes
https://github.com/saitoha/libsixel/issues/80
https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
CVE description is misleading, not an issue in libstb
Related vulnerabilities
CVSS3: 5.5
ubuntu
about 7 years ago
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
CVSS3: 5.5
nvd
about 7 years ago
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
CVSS3: 5.5
github
more than 3 years ago
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.