Bug#931309: Multiple security issues (CVE-2018-14449..14460, CVE-2018-18192..18197)
Sylvain Beucler
beuc at beuc.net
Mon Jul 1 13:23:05 BST 2019
Package: libgig
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libgig.
See:
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
for the initial report and reproducers.
As far as I can see, there was no discussion yet with you (package
maintainers), nor with upstream, so I'm opening this bug to clarify
their status.
CVE-2018-14449[0]:
| An issue was discovered in libgig 4.1.0. There is an out of bounds
| read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14450[1]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "update dimension region's chunks" feature of the function
| gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451[2]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14452[3]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "always assign the sample of the first dimension region of
| this region" feature of the function gig::Region::UpdateChunks in
| gig.cpp.
CVE-2018-14453[4]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14454[5]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455[6]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store32 in helper.h.
CVE-2018-14456[7]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457[8]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14458[9]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14459[10]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store16 in helper.h.
CVE-2018-14460[11]:
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a
| heap-based buffer over-read in the function H5O_sdspace_decode in
| H5Osdspace.c.
CVE-2018-18192[12]:
| An issue was discovered in libgig 4.1.0. There is a NULL pointer
| dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193[13]:
| An issue was discovered in libgig 4.1.0. There is operator new[]
| failure (due to a big pWavePoolTable heap request) in DLS::File::File
| in DLS.cpp.
CVE-2018-18194[14]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195[15]:
| An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-
| zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18196[16]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197[17]:
| An issue was discovered in libgig 4.1.0. There is an operator new[]
| failure (due to a big pSampleLoops heap request) in
| DLS::Sampler::Sampler in DLS.cpp.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14449
[1] https://security-tracker.debian.org/tracker/CVE-2018-14450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14450
[2] https://security-tracker.debian.org/tracker/CVE-2018-14451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14451
[3] https://security-tracker.debian.org/tracker/CVE-2018-14452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14452
[4] https://security-tracker.debian.org/tracker/CVE-2018-14453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14453
[5] https://security-tracker.debian.org/tracker/CVE-2018-14454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14454
[6] https://security-tracker.debian.org/tracker/CVE-2018-14455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14455
[7] https://security-tracker.debian.org/tracker/CVE-2018-14456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14456
[8] https://security-tracker.debian.org/tracker/CVE-2018-14457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14457
[9] https://security-tracker.debian.org/tracker/CVE-2018-14458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14458
[10] https://security-tracker.debian.org/tracker/CVE-2018-14459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14459
[11] https://security-tracker.debian.org/tracker/CVE-2018-14460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460
[12] https://security-tracker.debian.org/tracker/CVE-2018-18192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18192
[13] https://security-tracker.debian.org/tracker/CVE-2018-18193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18193
[14] https://security-tracker.debian.org/tracker/CVE-2018-18194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18194
[15] https://security-tracker.debian.org/tracker/CVE-2018-18195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18195
[16] https://security-tracker.debian.org/tracker/CVE-2018-18196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18196
[17] https://security-tracker.debian.org/tracker/CVE-2018-18197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18197
Please adjust the affected versions in the BTS as needed.
Cheers!
Sylvain Beucler, Debian LTS team
More information about the pkg-multimedia-maintainers
mailing list