PT-2018-3452 · Libcaca+2

Published: 2018-11-22 · Updated: 2025-01-13 · CVE-2018-20548

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: libcaca version 0.99.beta19
Description: The issue is related to an integer overflow in the load image function of the libcaca graphics library. This can potentially allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability. The problem is also associated with an illegal WRITE memory access at common-image.c in the load image function for 1bpp data.
Recommendations: For libcaca version 0.99.beta19, consider restricting access to the load image function until a patch is available. As a temporary workaround, avoid using the load image function for 1bpp data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-01686
CVE-2018-20548
MGASA-2019-0050
OPENSUSE-SU-2019:1144-1
OPENSUSE-SU-2019_1144-1
OPENSUSE-SU-2024:12537-1
ROSA-SA-2025-2554
SUSE-SU-2019:0770-1
SUSE-SU-2019:2745-1
SUSE-SU-2019:2745-2
USN-3860-1
USN-3860-2

Affected Products

Suse
Ubuntu
Libcaca