PT-2019-14256 · None+2 · Libmirage+2

Andrea Fioraldi

Published

2019-08-25

Updated

2020-11-02

CVE-2019-15540

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libMirage version 3.2.2

Description The issue is related to a heap-based buffer overflow in the CSO filter of libMirage, which can be triggered by a local Linux user due to the lack of validation of the part size. This can potentially lead to root access.

Recommendations For libMirage version 3.2.2, consider updating to a newer version that addresses this issue, as the current version does not validate the part size, leading to a potential heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3189

CVE-2019-15540

MGASA-2019-0404

OPENSUSE-SU-2019:2033-1

OPENSUSE-SU-2019:2040-1

OPENSUSE-SU-2019:2077-1

OPENSUSE-SU-2019_2033-1

OPENSUSE-SU-2019_2040-1

OPENSUSE-SU-2024:10957-1

Affected Products

Alt Linux

Suse

Libmirage

PT-2019-14256 · None+2 · Libmirage+2

CVE-2019-15540

Weakness Enumeration

Related Identifiers

Affected Products

References · 19