Description
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libsixel | fixed | 1.10.5-1 | | package |
| libsixel | ignored | | bookworm | package |
| libsixel | no-dsa | | bullseye | package |
| libsixel | no-dsa | | buster | package |
| libsixel | no-dsa | | stretch | package |
| libstb | unfixed | | | package |
| libstb | no-dsa | | trixie | package |
| libstb | no-dsa | | bookworm | package |
Notes
https://github.com/libsixel/libsixel/issues/51
Fixed by: https://github.com/libsixel/libsixel/pull/52
libsixel bundles libstb and has fixed this issue, but a patch in src:libstb is missing:
https://github.com/saitoha/libsixel/commit/1c58a6ea708b6fa793ffb5a10798ccfea36e8eed (v1.8.7)