PLIB could be made to execute arbitrary code if it opens a specially
crafted TGA file.
Software Description:
- plib: Portability Libraries: Development package
Details:
Wooseok Kang discovered that PLIB did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted TGA file, an attacker could possibly use this issue to cause
applications using PLIB to crash, resulting in a denial of service, or
possibly execute arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libplib1 1.8.5-8ubuntu0.20.04.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libplib1 1.8.5-8ubuntu0.18.04.1~esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libplib1 1.8.5-7ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6353-1
CVE-2021-38714
Get the latest Linux and open source security news straight to your inbox.