Source: libcaca
Version: 0.99.beta19-2
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerabilities were published for libcaca.

CVE-2018-20544[0]:
| There is floating point exception at caca/dither.c (function
| caca_dither_bitmap) in libcaca 0.99.beta19.

CVE-2018-20545[1]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 4bpp data.

CVE-2018-20546[2]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

CVE-2018-20547[3]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

CVE-2018-20548[4]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 1bpp data.

CVE-2018-20549[5]:
| There is an illegal WRITE memory access at caca/file.c (function
| caca_file_read) in libcaca 0.99.beta19.

Note: obviously I realize given you are both upstream and Debian
maintainer you have already fixed this upstream with the reports
submitted and two of those issues are actually unimportant as the
Debian build does not use the fallback. Reporting these issues still
in the BTS for tracking purpose.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20544
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20544
[1] https://security-tracker.debian.org/tracker/CVE-2018-20545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545
[2] https://security-tracker.debian.org/tracker/CVE-2018-20546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
[3] https://security-tracker.debian.org/tracker/CVE-2018-20547
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547
[4] https://security-tracker.debian.org/tracker/CVE-2018-20548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20548
[5] https://security-tracker.debian.org/tracker/CVE-2018-20549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20549

Regards,
Salvatore

