MGASA-2020-0459 - Updated sam2p package fixes security vulnerabilities

Publication date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0459.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2017-14628,
     CVE-2017-14629,
     CVE-2017-14630,
     CVE-2017-14631,
     CVE-2017-14636,
     CVE-2017-14637,
     CVE-2017-16663,
     CVE-2018-7487,
     CVE-2018-7551,
     CVE-2018-7553,
     CVE-2018-7554,
     CVE-2018-12578,
     CVE-2018-12601

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24
function of the file in_pcx.cpp. (CVE-2017-14628).

In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer
signedness error, leading to a crash when writing to an out-of-bounds array
element. (CVE-2017-14629).

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function
of the file in_pcx.cpp, leading to an invalid write operation.
(CVE-2017-14630).

In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer
signedness error leading to a heap-based buffer overflow. (CVE-2017-14631).

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff
times, ending with an invalid read of size 1 in the Image::Indexed::sortPal
function in image.cpp. However, this also causes memory corruption becaus
of an attempted write to the invalid d[0xfffffffe] array element.
(CVE-2017-14636).

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function
in in_xpm.cpp. However, this can also cause a write to an illegal address.
(CVE-2017-14637).

In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer
overflows) in input-bmp.ci in the function ReadImage, because "width * height"
multiplications occur unsafely. (CVE-2017-16663).

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp
in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly
unspecified other impact. (CVE-2018-7487).

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a
Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of
service or possibly unspecified other impact. (CVE-2018-7551).

There is a heap-based buffer overflow in the pcxLoadRaster function of
in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service
or possibly unspecified other impact. (CVE-2018-7553).

There is an invalid free in ReadImage in input-bmp.ci that leads to a
Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of
service or possibly unspecified other impact. (CVE-2018-7554).

There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp
in sam2p 0.49.4 that leads to a denial of service or possibly unspecified
other impact. (CVE-2018-12578).

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p
0.49.4 that leads to a denial of service or possibly unspecified other impact.
(CVE-2018-12601).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27746
- https://www.debian.org/lts/security/2017/dla-1127
- https://www.debian.org/lts/security/2017/dla-1185
- https://www.debian.org/lts/security/2018/dla-1340
- https://www.debian.org/lts/security/2018/dla-1463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14628
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14630
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16663
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7551
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7553
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7554
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12578
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12601

SRPMS:
- 7/core/sam2p-0.49.3-2.1.mga7

Mageia 2020-0459: sam2p security update

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp

Summary

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. (CVE-2017-14628).
In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. (CVE-2017-14629).
In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. (CVE-2017-14630).
In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. (CVE-2017-14631).
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption becaus of an attempted write to the invalid d[0xfffffffe] array element. (CVE-2017-14636).
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. (CVE-2017-14637).
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. (CVE-2017-16663).
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7487).
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7551).
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7553).
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7554).
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. (CVE-2018-12578).
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. (CVE-2018-12601).

References

- https://bugs.mageia.org/show_bug.cgi?id=27746

- https://www.debian.org/lts/security/2017/dla-1127

- https://www.debian.org/lts/security/2017/dla-1185

- https://www.debian.org/lts/security/2018/dla-1340

- https://www.debian.org/lts/security/2018/dla-1463

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14628

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14629

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14630

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14631

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14636

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14637

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16663

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7487

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7551

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7553

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7554

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12578

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12601

Resolution

MGASA-2020-0459 - Updated sam2p package fixes security vulnerabilities

SRPMS

- 7/core/sam2p-0.49.3-2.1.mga7

Severity
Publication date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0459.html
Type: security
CVE: CVE-2017-14628, CVE-2017-14629, CVE-2017-14630, CVE-2017-14631, CVE-2017-14636, CVE-2017-14637, CVE-2017-16663, CVE-2018-7487, CVE-2018-7551, CVE-2018-7553, CVE-2018-7554, CVE-2018-12578, CVE-2018-12601

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved