vigra package is vulnerable to CVE-2021-30046

Open

Details

One participant

Léo Le Bouter

Owner: unassigned

Submitted by: Léo Le Bouter

Severity: normal

L

L

Léo Le Bouter wrote on 6 Apr 2021 19:21

Recipients:(address . bug-guix@gnu.org)

Message-ID:49b8011d527a93437436f0e9039f638e6f9a7f12.camel@zaclys.net

CVE-2021-30046 15:15

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation

fault vulnerability in the impex.hxx read_image_band() function, in

which a crafted file can cause a denial of service.

Upstream issue: https://github.com/ukoethe/vigra/issues/494

No fix provided yet.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBsmKwACgkQRaix6GvN
EKb12hAAtIgtQdZJxe22xEavnOd2vU/0g1B7BZZ8R55mb8nr4Ds74k4k+ZTyRQrp
a3S8If7l9Pz64xC7lZKzlxKEapGzCTeH+sI+jYcB5vI2DDwLF4Eqeq31KhrMA/Ki
dvoDmSA7AKWRHDDz+hUqzp655fgIGw4t9YG4+gEg3BQOCeG72Q+Hh1sko6VOOiky
j69c/mq8qzQDcG41iVw5SyK6iFafyONz5urMzzfe0D/C0HRFhlYB5+mZ5a3orzye
Q/t5i2fn7fm1q7x07i3/OLqeMtrPrtBQ1SK13rCNXKUaRQtRLwMu84VNCQ6qXoC1
Q7+ahuN8pzDSux6er0bQtKE1DL38nV7RSfyjo+q4dBSKJeotN9V5ZcyMySWUkosz
6uWJh8PX1ZKcAfLKDDujI+sTB8VUQD5RQFNZV1fni1tsNJIBWYgynvmCSWOoHRan
wJM98nVFkejAvDJvOFd2o6VEGOsWVS1qrIlGAc8r3Sk76V3IxLE+eaKpv+VMHalz
B5Vy2F2CT8x4oMe7XMBV0Lbpw/GgtQ03mIXlMWUFIJbrI3ZMKBclornXI8Itw2vH
Hk3wPMLAjwYDpRl+Lv2C88s6OBGSzvUDbgbJ8pTi7YGVnKoJoWqQ6137kxT337PA
NmIWzBqfHxIrYaGgs4o4lp8C1M9yHsZxMXnD2MgC6GSQjjhkcek=
=GhRa
-----END PGP SIGNATURE-----

L

L

Léo Le Bouter wrote on 6 Apr 2021 19:22

Recipients:(address . control@debbugs.gnu.org)

Message-ID:39f093453400486423e834d1f1ba7e924973d959.camel@zaclys.net

tags 47622 + security

quit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBsmPEACgkQRaix6GvN
EKZUahAAmwN90pj7Qz5hSsAG3iqTD3qMgRbTya/ckE3gX/Gf3GFSc9cK+73jteUy
+gj0jMnSFymuEkGaTsHFGY9N7xOlVnEGrAAXpBEmWlRYOZIu3ngXwIkYI1QQqe5I
asJIN4PVT0XXjsVREvmCjPW4Ij+CW0Wcu9FuikQPAQwtKZTj2KhMItITduDp9/9k
O2cLbmrdcji8o4OAyNv0w09hUx9CMUIbmAm1h9DCKZIJ+kqqvZhUaLWqqCttem9B
/KbthvMswtHxSo1O1p0Jx6aBjID4f9Jg1FmRPs38tKcZ9NNL4fu0bfrkb+SqiZZi
e7D7ybhwGy4dxyAzsfrMArH9FbFjXm6GWoHz6D4iwL4fIon3XZa5ur3fCY+UJBHl
60Xk74/6Ir9yvYuQL9Z9/YEjXbXGhveQbOiPXnBYUB4z9PyVnCKg1MsBKL1oNEyk
u9WHX4m3uQSULep2suAVQOlFMrg+G9hKZXAOFl8DLm+AFuhZk/8pqkNFECAwNWDP
0Z0LkcAXNVkpkgxZaHAjhdwVgB0Gf5O6HrqvIi0VB1TWbXZqDgrxF42E4HG6QH+Z
EI8pGJXMURdf9aJ/vJETp8UzAWKsR2LN2U9DjliuostCmzYuA7D/B9oU5favZCmM
2nNy7YwfQlTV3d4Qh5DjncN+ISehKM/YnuBjC7Rd29SB7tO16LQ=
=YSjm
-----END PGP SIGNATURE-----

?

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 47622@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 47622

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch