vuln-list-alt/oval/p11/ALT-PU-2020-2902/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202902",
"Version": "oval:org.altlinux.errata:def:20202902",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2902: package `libsixel` update to version 1.8.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2902",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2902",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01680",
"RefURL": "https://bdu.fstec.ru/vul/2022-01680",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01744",
"RefURL": "https://bdu.fstec.ru/vul/2022-01744",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02074",
"RefURL": "https://bdu.fstec.ru/vul/2022-02074",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02076",
"RefURL": "https://bdu.fstec.ru/vul/2022-02076",
"Source": "BDU"
},
{
"RefID": "CVE-2018-19756",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19756",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19757",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19757",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19759",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19759",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19761",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19761",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19762",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19763",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11024",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11024",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19635",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19635",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19636",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19636",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19637",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19637",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19638",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19638",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19777",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19777",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19778",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19778",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20022",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20022",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20023",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20023",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20024",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20024",
"Source": "CVE"
},
{
"RefID": "CVE-2019-3573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3573",
"Source": "CVE"
},
{
"RefID": "CVE-2019-3574",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3574",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21048",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21048",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21049",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21049",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21050",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21547",
"Source": "CVE"
}
],
"Description": "This update upgrades libsixel to version 1.8.5-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01680: Уязвимость компонента stb_image.h реализации кодировщика/декодера SIXEL Libsixel, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01744: Уязвимость функции dither_func_fs компонента tosixel.c реализации кодировщика/декодера SIXEL Libsixel, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-02074: Уязвимость компонента dither.c реализации кодировщика/декодера SIXEL Libsixel, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02076: Уязвимость функции gif_process_raster компонента fromgif.c реализации кодировщика/декодера SIXEL Libsixel, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-19756: There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.\n\n * CVE-2018-19757: There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.\n\n * CVE-2018-19759: There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.\n\n * CVE-2018-19761: There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.\n\n * CVE-2018-19762: There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.\n\n * CVE-2018-19763: There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.\n\n * CVE-2019-11024: The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.\n\n * CVE-2019-19635: An issue was 
discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.\n\n * CVE-2019-19636: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.\n\n * CVE-2019-19637: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.\n\n * CVE-2019-19638: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.\n\n * CVE-2019-19777: stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.\n\n * CVE-2019-19778: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.\n\n * CVE-2019-20022: An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.\n\n * CVE-2019-20023: A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.\n\n * CVE-2019-20024: A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.\n\n * CVE-2019-3573: In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.\n\n * CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.\n\n * CVE-2020-21048: An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.\n\n * CVE-2020-21049: An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.\n\n * CVE-2020-21050: Libsixel prior to v1.8.3 contains a stack buffer overflow in the 
function gif_process_raster at fromgif.c.\n\n * CVE-2020-21547: Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-09-30"
},
"Updated": {
"Date": "2020-09-30"
},
"BDUs": [
{
"ID": "BDU:2022-01680",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-01680",
"Impact": "Low",
"Public": "20180728"
},
{
"ID": "BDU:2022-01744",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01744",
"Impact": "High",
"Public": "20210917"
},
{
"ID": "BDU:2022-02074",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2022-02074",
"Impact": "Low",
"Public": "20210914"
},
{
"ID": "BDU:2022-02076",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-02076",
"Impact": "Low",
"Public": "20210914"
}
],
"CVEs": [
{
"ID": "CVE-2018-19756",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19756",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2018-19757",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19757",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2018-19759",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19759",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2018-19761",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19761",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2018-19762",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19762",
"Impact": "High",
"Public": "20181130"
},
{
"ID": "CVE-2018-19763",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19763",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2019-11024",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11024",
"Impact": "Low",
"Public": "20190408"
},
{
"ID": "CVE-2019-19635",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19635",
"Impact": "Critical",
"Public": "20191208"
},
{
"ID": "CVE-2019-19636",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19636",
"Impact": "Critical",
"Public": "20191208"
},
{
"ID": "CVE-2019-19637",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19637",
"Impact": "Critical",
"Public": "20191208"
},
{
"ID": "CVE-2019-19638",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19638",
"Impact": "Critical",
"Public": "20191208"
},
{
"ID": "CVE-2019-19777",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19777",
"Impact": "High",
"Public": "20191213"
},
{
"ID": "CVE-2019-19778",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19778",
"Impact": "High",
"Public": "20191213"
},
{
"ID": "CVE-2019-20022",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-672",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20022",
"Impact": "Low",
"Public": "20191227"
},
{
"ID": "CVE-2019-20023",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20023",
"Impact": "Low",
"Public": "20191227"
},
{
"ID": "CVE-2019-20024",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20024",
"Impact": "Low",
"Public": "20191227"
},
{
"ID": "CVE-2019-3573",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3573",
"Impact": "Low",
"Public": "20190102"
},
{
"ID": "CVE-2019-3574",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3574",
"Impact": "High",
"Public": "20190102"
},
{
"ID": "CVE-2020-21048",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21048",
"Impact": "Low",
"Public": "20210914"
},
{
"ID": "CVE-2020-21049",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21049",
"Impact": "Low",
"Public": "20210914"
},
{
"ID": "CVE-2020-21050",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21050",
"Impact": "Low",
"Public": "20210914"
},
{
"ID": "CVE-2020-21547",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21547",
"Impact": "High",
"Public": "20210917"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202902001",
"Comment": "libsixel-devel is earlier than 0:1.8.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202902002",
"Comment": "libsixel1 is earlier than 0:1.8.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202902003",
"Comment": "sixel-utils is earlier than 0:1.8.5-alt1"
}
]
}
]
}
}
]
}