Package: sgt-puzzles
Version: 20230122.806ae71-1
Severity: serious
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Ben Harris found multiple issues in sgt-puzzles where a malformed game description or save file can lead to a buffer overflow, buffer overread, use of an uninitialised pointer, integer overflow, null pointer dereference, division by zero, assertion failure, or memory leak. These were fixed upstream over the past few months.

The Debian package doesn't register any media type handler for save files, so I think this can only be exploited by social-engineering a user into loading such a file or description.

For most of these bugs, the impact is limited to a crash of the application. However, the various memory safety errors may be more serious. On some architectures, division by zero does not cause an exception and this might also be exploitable.

Ben.

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sgt-puzzles depends on:
ii  libc6                2.36-8
ii  libcairo2            1.16.0-7
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0         2.74.6-1
ii  libgtk-3-0           3.24.37-2
ii  libpango-1.0-0       1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1

Versions of packages sgt-puzzles recommends:
ii  chromium [www-browser]  111.0.5563.64-1
ii  firefox [www-browser]   111.0-3
ii  lynx [www-browser]      2.9.0dev.12-1
ii  xdg-utils               1.1.3-4.1

sgt-puzzles suggests no packages.

-- debconf-show failed