
Ubuntu 22.04 LTS & 20.04 LTS: USN-7198-1 critical: rlottie security risks

January 10, 2025
Ubuntu Security Notice USN-7198-1 addresses critical vulnerabilities in rlottie, enhancing security on Ubuntu. Users should update quickly to protect against new threats.
Summary

Several security issues were fixed in rlottie.

Software Description:

- rlottie: library for rendering vector based animations and art

Details:

Paolo Giai discovered a series of stack-based overflow vulnerabilities in the blit and gray_render_cubic functions of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-31315, CVE-2021-31321)

Paolo Giai discovered a series of type confusion vulnerabilities in the VDasher constructor and the LOTCompLayerItem::LOTCompLayerItem function of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31317, CVE-2021-31318)

Paolo Giai discovered an integer overflow vulnerability in the LOTGradient::populate function of a custom fork of the rlottie library. An attacker could possibly use ...


Severity: critical
