Bug 1120504 (CVE-2018-20547) - VUL-1: CVE-2018-20547: libcaca: illegal READ memory access at caca/dither.c for 24bpp data
Summary: VUL-1: CVE-2018-20547: libcaca: illegal READ memory access at caca/dither.c f...
Status: RESOLVED FIXED
: CVE-2018-20546 (view as bug list)
Alias: CVE-2018-20547
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/221960/
Whiteboard: CVSSv3.1:SUSE:CVE-2018-20547:5.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-02 14:12 UTC by Alexander Bergmann
Modified: 2024-07-26 09:48 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-01-02 14:12:27 UTC 
CVE-2018-20547

There is an illegal READ memory access at caca/dither.c (function
get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547
Comment 3 Josef Möllers 2019-01-23 15:43:02 UTC 
*** Bug 1120503 has been marked as a duplicate of this bug. ***
Comment 5 Swamp Workflow Management 2019-03-27 14:23:59 UTC 
SUSE-SU-2019:0770-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1120470,1120502,1120503,1120504,1120584,1120589
CVE References: CVE-2018-20544,CVE-2018-20545,CVE-2018-20546,CVE-2018-20547,CVE-2018-20548,CVE-2018-20549
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    libcaca-0.99.beta19.git20171003-3.3.7
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libcaca-0.99.beta19.git20171003-3.3.7

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-04-04 22:27:19 UTC 
openSUSE-SU-2019:1144-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1120470,1120502,1120503,1120504,1120584,1120589
CVE References: CVE-2018-20544,CVE-2018-20545,CVE-2018-20546,CVE-2018-20547,CVE-2018-20548,CVE-2018-20549
Sources used:
openSUSE Leap 15.0 (src):    libcaca-0.99.beta19.git20171003-lp150.2.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-10-22 17:01:57 UTC 
SUSE-SU-2019:2745-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1120470,1120502,1120503,1120504,1120584,1120589
CVE References: CVE-2018-20544,CVE-2018-20545,CVE-2018-20546,CVE-2018-20547,CVE-2018-20548,CVE-2018-20549
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libcaca-0.99.beta18-14.3.27
SUSE Linux Enterprise Server 12-SP4 (src):    libcaca-0.99.beta18-14.3.27
SUSE Linux Enterprise Desktop 12-SP4 (src):    libcaca-0.99.beta18-14.3.27

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-11-13 00:46:53 UTC 
SUSE-SU-2019:2745-2: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1120470,1120502,1120503,1120504,1120584,1120589
CVE References: CVE-2018-20544,CVE-2018-20545,CVE-2018-20546,CVE-2018-20547,CVE-2018-20548,CVE-2018-20549
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libcaca-0.99.beta18-14.3.27
SUSE Linux Enterprise Server 12-SP5 (src):    libcaca-0.99.beta18-14.3.27

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Andrea Mattiazzo 2024-07-26 09:48:36 UTC 
All done, closing.