Описание
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libsixel | fixed | 1.8.6-1 | package | |
| libsixel | no-dsa | buster | package | |
| libsixel | no-dsa | stretch | package | |
| libsixel | no-dsa | jessie | package | |
| libstb | fixed | 0.0~git20220908.8b5f1f3+ds-1 | package | |
| libstb | no-dsa | bullseye | package | |
| libstb | no-dsa | buster | package |
Примечания
libsixel PR: https://github.com/saitoha/libsixel/issues/126
libsixel patch: https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
libstb PR: https://github.com/nothings/stb/issues/886
libstb patch: https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
Fix might cause a regression:
https://github.com/nothings/stb/pull/960#pullrequestreview-615017993
Связанные уязвимости
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
Уязвимость компонента stb_image.h реализации кодировщика/декодера SIXEL Libsixel библиотеки для C/C++ Libstb, позволяющая нарушителю вызвать отказ в обслуживании