PT-2019-16622 · Libsixel+1 · Libsixel+1

Cool-Tomato

Publicado

2019-01-02

Atualizado

2024-12-20

CVE-2019-3574

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libsixel version 1.8.2

Description The issue is related to a heap-based buffer over-read in the load jpeg() function, located in the loader.c file. This can be demonstrated by using img2sixel.

Recommendations For libsixel version 1.8.2, consider avoiding the use of the load jpeg() function until a patch is available. As a temporary workaround, restrict the use of img2sixel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2020-2902

ALT-PU-2024-17256

CVE-2019-3574

Produtos afetados

Alt Linux

Libsixel

PT-2019-16622 · Libsixel+1 · Libsixel+1

CVE-2019-3574

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9