Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7 MGASA-2020-0459 Moderate: Sam2p Risks and Fixes

mageia
Calendar Grey December 17, 2020
Dist Mageia Esm H88
Mageia 2020-0460 addresses multiple vulnerabilities in libXYZ impacting versions until 1.2.3, essential for system integrity.
In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp

Summary

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. (CVE-2017-14628).
In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. (CVE-2017-14629).
In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. (CVE-2017-14630).
In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. (CVE-2017-14631).
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption becaus of an attempted write to the invalid d[0xfffffffe] array element. (CVE-2017-14636).
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in ...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=27746

- https://lists.debian.org/debian-lts-announce/2017/10/msg00007.html

- https://lists.debian.org/debian-lts-announce/2017/11/msg00031.html

- https://lists.debian.org/debian-lts-announce/2018/04/msg00004.html

- https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html

- https://www.cve.org/CVERecord?id=CVE-2017-14628

- https://www.cve.org/CVERecord?id=CVE-2017-14629

- https://www.cve.org/CVERecord?id=CVE-2017-14630

- https://www.cve.org/CVERecord?id=CVE-2017-14631

- https://www.cve.org/CVERecord?id=CVE-2017-14636

- https://www.cve.org/CVERecord?id=CVE-2017-14637

- https://www.cve.org/CVERecord?id=CVE-2017-16663

- https://www.cve.org/CVERecord?id=CVE-2018-7487

- https://www.cve.org/CVERecord?id=CVE-2018-7551

- https://www.cve.org/CVERecord?id=CVE-2018-7553

- https://www.cve.org/CVERecord?id=CVE-2018-7554

- https://www.cve.org/CVERecord?id=CVE-2018-12578

- https://www.cve.org/CVERecord?id=CVE-2018-12601

Topics%20covered

Topics Covered

security advisory moderate denial of service buffer overflow software update memory corruption moderate severity integer overflow mageia sam2p

Resolution

SRPMS

- 7/core/sam2p-0.49.3-2.1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0459.html
Type: security
CVE: CVE-2017-14628, CVE-2017-14629, CVE-2017-14630, CVE-2017-14631, CVE-2017-14636, CVE-2017-14637, CVE-2017-16663, CVE-2018-7487, CVE-2018-7551, CVE-2018-7553, CVE-2018-7554, CVE-2018-12578, CVE-2018-12601

Topics%20covered

Topics Covered

security advisory moderate denial of service buffer overflow software update memory corruption moderate severity integer overflow mageia sam2p

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here