CVE-2018-20546Integer Overflow or Wraparound in Libcaca

CWE-190Integer Overflow or Wraparound11 documents6 sources
Severity
8.1HIGHNVD
OSV5.5
EPSS
2.3%
top 15.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libcaca Project LibcacaDebian LibcacaCanonical Ubuntu Linux+3 more
Timeline
PublishedDec 28
Latest updateMay 13

Description

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

debiandebian/libcaca< libcaca 0.99.beta19-2.1 (bookworm)
Debianlibcaca_project/libcaca< 0.99.beta19-2.1+3
Ubuntulibcaca_project/libcaca< 0.99.beta18-1ubuntu5.1+2
NVDopensuse/leap15.0

Also affects: Debian Linux 8.0, Fedora 34, 35, 36, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-m8qg-9vxj-5pw7: There is an illegal READ memory access at caca/dither2022-05-13
OSV
libcaca vulnerabilities2019-01-15
OSV
CVE-2018-20546: There is an illegal READ memory access at caca/dither2018-12-28

📋Vendor Advisories

3
Ubuntu
libcaca vulnerabilities2019-01-15
Ubuntu
libcaca vulnerabilities2019-01-15
Debian
CVE-2018-20546: libcaca - There is an illegal READ memory access at caca/dither.c (function get_rgba_defau...2018

💬Community

4
Bugzilla
CVE-2018-20546 libcaca: out of bounds read in function get_rgba_default in caca/dither.c2019-03-12
Bugzilla
CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [fedora-all]2019-03-12
Bugzilla
CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [fedora-all]2019-03-12
Bugzilla
CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [epel-all]2019-03-12