Описание
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | released | 0.49.2-3+deb8u3build0.16.04.1 |
| esm-infra-legacy/trusty | released | 0.49.2-3+deb8u3build0.14.04.1 |
| precise/esm | DNE | |
| trusty | released | 0.49.2-3+deb8u3build0.14.04.1 |
| trusty/esm | released | 0.49.2-3+deb8u3build0.14.04.1 |
| upstream | released | 0.49.2-3+deb8u1 |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffff ...
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3