CVE-2021-3410 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libcaca

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 69.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcaca Project Libcaca Debian Libcaca Debian Linux +1 more

Timeline

PublishedFeb 23

Latest updateMay 24

Description

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/libcaca< libcaca 0.99.beta19-2.2 (bookworm)

▶Debianlibcaca_project/libcaca< 0.99.beta19-2.2+3

▶CVEListV5libcaca_project/libcacalibcaca v0.99.beta19

▶NVDlibcaca_project/libcaca0.99

Also affects: Debian Linux 9.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-9xcm-8x7r-552c: A flaw was found in libcaca v0↗2022-05-24

▶

OSV

CVE-2021-3410: A flaw was found in libcaca v0↗2021-02-23

▶

📋Vendor Advisories

Ubuntu

libcaca vulnerability↗2021-04-20

▶

Debian

CVE-2021-3410: libcaca - A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize...↗2021

▶