CVE-2018-20545 — Integer Overflow or Wraparound in Libcaca

CWE-190 — Integer Overflow or Wraparound11 documents6 sources

Severity

8.8HIGHNVD

OSV5.5

EPSS

1.9%

top 16.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcaca Project Libcaca Debian Libcaca Canonical Ubuntu Linux +2 more

Timeline

PublishedDec 28

Latest updateMay 13

Description

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/libcaca< libcaca 0.99.beta19-2.1 (bookworm)

▶Debianlibcaca_project/libcaca< 0.99.beta19-2.1+3

▶Ubuntulibcaca_project/libcaca< 0.99.beta18-1ubuntu5.1+2

▶NVDlibcaca_project/libcaca0.99

▶NVDopensuse/leap15.0

Also affects: Fedora 34, 35, 36, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3638-4f56-qcf5: There is an illegal WRITE memory access at common-image↗2022-05-13

▶

OSV

libcaca vulnerabilities↗2019-01-15

▶

OSV

CVE-2018-20545: There is an illegal WRITE memory access at common-image↗2018-12-28

▶

📋Vendor Advisories

Ubuntu

libcaca vulnerabilities↗2019-01-15

▶

Ubuntu

libcaca vulnerabilities↗2019-01-15

▶

Debian

CVE-2018-20545: libcaca - There is an illegal WRITE memory access at common-image.c (function load_image) ...↗2018

▶

💬Community

Bugzilla

CVE-2018-20545 libcaca: out of bounds write in function load_image in common-image.c↗2019-03-12

▶

Bugzilla

CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [fedora-all]↗2019-03-12

▶

Bugzilla

CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [fedora-all]↗2019-03-12

▶

Bugzilla

CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [epel-all]↗2019-03-12

▶