ID CVE-2018-20546
Summary There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
References
Vulnerable Configurations
  • cpe:2.3:a:libcaca_project:libcaca:0.99:beta19
    cpe:2.3:a:libcaca_project:libcaca:0.99:beta19
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 5.8
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3860-1.NASL
    description It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 121212
    published 2019-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121212
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libcaca vulnerabilities (USN-3860-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1631.NASL
    description Several vulnerabilities were discovered in libcaca, a graphics library that outputs text: integer overflows, floating point exceptions or invalid memory reads may lead to a denial of service (application crash) if a malformed image file is processed. For Debian 8 'Jessie', these problems have been fixed in version 0.99.beta19-2+deb8u1. We recommend that you upgrade your libcaca packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 121055
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121055
    title Debian DLA-1631-1 : libcaca security update
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=1652622
mlist [debian-lts-announce] 20190109 [SECURITY] [DLA 1631-1] libcaca security update
suse openSUSE-SU-2019:1144
ubuntu
  • USN-3860-1
  • USN-3860-2
Last major update 28-12-2018 - 11:29
Published 28-12-2018 - 11:29
Last modified 04-04-2019 - 20:29
Back to Top