CVE-2021-30498 — Out-of-bounds Write in Libcaca

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcaca Project Libcaca Debian Libcaca Fedoraproject Fedora

Timeline

PublishedMay 26

Latest updateMay 24

Description

A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/libcaca< libcaca 0.99.beta19-3 (bookworm)

▶Debianlibcaca_project/libcaca< 0.99.beta19-2.2+deb11u1+3

▶Ubuntulibcaca_project/libcaca< 0.99.beta19-2ubuntu0.18.04.3+3

▶CVEListV5libcaca_project/libcacamaster

▶NVDlibcaca_project/libcaca0.99

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

GHSA

GHSA-hg8v-gh24-gpf4: A flaw was found in libcaca↗2022-05-24

▶

OSV

libcaca vulnerabilities↗2021-10-21

▶

OSV

CVE-2021-30498: A flaw was found in libcaca↗2021-05-26

▶

📋Vendor Advisories

Ubuntu

libcaca vulnerabilities↗2021-10-21

▶

Debian

CVE-2021-30498: libcaca - A flaw was found in libcaca. A heap buffer overflow in export.c in function expo...↗2021

▶