Описание
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libsixel | fixed | 1.8.2-2 | package | |
| libsixel | fixed | 1.8.2-1+deb10u1 | buster | package |
| libsixel | fixed | 1.5.2-2+deb9u1 | stretch | package |
| libsixel | no-dsa | jessie | package |
Примечания
https://github.com/saitoha/libsixel/issues/77
https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
CVE description is misleading, not an issue in libstb
Связанные уязвимости
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.