
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243605",
"Version": "oval:org.altlinux.errata:def:20243605",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3605: package `gifsicle` update to version 1.93-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3605",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3605",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00509",
"RefURL": "https://bdu.fstec.ru/vul/2018-00509",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02071",
"RefURL": "https://bdu.fstec.ru/vul/2022-02071",
"Source": "BDU"
},
{
"RefID": "CVE-2017-1000421",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000421",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18120",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18120",
"Source": "CVE"
},
{
"RefID": "CVE-2020-19752",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-19752",
"Source": "CVE"
},
{
"RefID": "CVE-2023-46009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-46009",
"Source": "CVE"
}
],
"Description": "This update upgrades gifsicle to version 1.93-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00509: Уязвимость функции read_gif программного обеспечения для просмотра GIF-файлов gifview пакета программ для создания, редактирования и оптимизации GIF-файлов Gifsicle, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-02071: Уязвимость функции find_color_or_error пакета программ для создания, редактирования и оптимизации GIF-файлов Gifsicle, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-1000421: Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution\n\n * CVE-2017-18120: A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.\n\n * CVE-2020-19752: The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.\n\n * CVE-2023-46009: gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-13"
},
"Updated": {
"Date": "2024-04-08"
},
"BDUs": [
{
"ID": "BDU:2018-00509",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2018-00509",
"Impact": "Critical",
"Public": "20170809"
},
{
"ID": "BDU:2022-02071",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-02071",
"Impact": "High",
"Public": "20210707"
}
],
"CVEs": [
{
"ID": "CVE-2017-1000421",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000421",
"Impact": "Critical",
"Public": "20180102"
},
{
"ID": "CVE-2017-18120",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18120",
"Impact": "High",
"Public": "20180202"
},
{
"ID": "CVE-2020-19752",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-19752",
"Impact": "High",
"Public": "20210907"
},
{
"ID": "CVE-2023-46009",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-697",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-46009",
"Impact": "High",
"Public": "20231018"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243605001",
"Comment": "gifsicle is earlier than 0:1.93-alt1"
}
]
}
]
}
}
]
}