
Mageia: 2023-0456 Moderate Alert for QGIS Memory Leak Issue

mageia
August 25, 2022
Discover Mageia's recent security notice regarding Kicad, focusing on serious buffer overflow vulnerabilities and reinforcing safeguards following the latest updates.

Summary

Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files are opened, as follows.
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2022-23803)
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2022-23804)
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and ex...


References

- https://bugs.mageia.org/show_bug.cgi?id=30109

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5EMCGSSP3FIWCSL2KXVXLF35JYZKZE5Q/

- https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html

- https://www.kicad.org/blog/2022/07/KiCad-6.0.7-Release/

- https://lists.debian.org/debian-security-announce/2022/msg00183.html

- https://www.cve.org/CVERecord?id=CVE-2022-23803

- https://www.cve.org/CVERecord?id=CVE-2022-23804

- https://www.cve.org/CVERecord?id=CVE-2022-23946

- https://www.cve.org/CVERecord?id=CVE-2022-23947

Resolution

SRPMS

- 8/core/kicad-5.1.12-1.1.mga8

Severity
important

Publication date: 25 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0295.html
Type: security
CVE: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
