MidnightBSD

Advisories for libcaca_project

CVE-2018-20544 MEDIUM

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
debian debian_linux 8.0
CVE-2018-20545 MEDIUM

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
fedoraproject fedora 35
canonical ubuntu_linux 18.10
fedoraproject fedora 34
fedoraproject fedora 36
opensuse leap 15.0
CVE-2018-20546 MEDIUM

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
fedoraproject fedora 35
canonical ubuntu_linux 18.10
fedoraproject fedora 34
fedoraproject fedora 36
debian debian_linux 8.0
opensuse leap 15.0
CVE-2018-20547 MEDIUM

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
fedoraproject fedora 35
canonical ubuntu_linux 18.10
fedoraproject fedora 34
fedoraproject fedora 36
debian debian_linux 8.0
opensuse leap 15.0
CVE-2018-20548 MEDIUM

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
fedoraproject fedora 35
canonical ubuntu_linux 18.10
fedoraproject fedora 34
fedoraproject fedora 36
opensuse leap 15.0
CVE-2018-20549 MEDIUM

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libcaca_project libcaca 0.99
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
fedoraproject fedora 35
canonical ubuntu_linux 18.10
fedoraproject fedora 34
fedoraproject fedora 36
debian debian_linux 8.0
opensuse leap 15.0
CVE-2021-30498 MEDIUM

A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
libcaca_project libcaca 0.99
fedoraproject fedora 35
fedoraproject fedora 34
fedoraproject fedora 36
CVE-2021-30499 MEDIUM

A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libcaca_project libcaca -
fedoraproject fedora 35
fedoraproject fedora 34
fedoraproject fedora 36
CVE-2021-3410 MEDIUM

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-190,

Products Affected

Vendor Product Version
libcaca_project libcaca 0.99
fedoraproject fedora 35
debian debian_linux 9.0
fedoraproject fedora 34
CVE-2022-0856 MEDIUM

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,CWE-369,

Products Affected

Vendor Product Version
libcaca_project libcaca 0.99
fedoraproject fedora 38
fedoraproject fedora 37