vigra package is vulnerable to CVE-2021-30046

OpenSubmitted by Léo Le Bouter.
Details
One participant
  • Léo Le Bouter
Owner
unassigned
Severity
normal
L
L
Léo Le Bouter wrote on 6 Apr 19:21 +0200
(address . bug-guix@gnu.org)
49b8011d527a93437436f0e9039f638e6f9a7f12.camel@zaclys.net
CVE-2021-30046 15:15VIGRA Computer Vision Library Version-1-11-1 contains a segmentationfault vulnerability in the impex.hxx read_image_band() function, inwhich a crafted file can cause a denial of service.
Upstream issue: https://github.com/ukoethe/vigra/issues/494
No fix provided yet.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBsmKwACgkQRaix6GvNEKb12hAAtIgtQdZJxe22xEavnOd2vU/0g1B7BZZ8R55mb8nr4Ds74k4k+ZTyRQrpa3S8If7l9Pz64xC7lZKzlxKEapGzCTeH+sI+jYcB5vI2DDwLF4Eqeq31KhrMA/KidvoDmSA7AKWRHDDz+hUqzp655fgIGw4t9YG4+gEg3BQOCeG72Q+Hh1sko6VOOikyj69c/mq8qzQDcG41iVw5SyK6iFafyONz5urMzzfe0D/C0HRFhlYB5+mZ5a3orzyeQ/t5i2fn7fm1q7x07i3/OLqeMtrPrtBQ1SK13rCNXKUaRQtRLwMu84VNCQ6qXoC1Q7+ahuN8pzDSux6er0bQtKE1DL38nV7RSfyjo+q4dBSKJeotN9V5ZcyMySWUkosz6uWJh8PX1ZKcAfLKDDujI+sTB8VUQD5RQFNZV1fni1tsNJIBWYgynvmCSWOoHRanwJM98nVFkejAvDJvOFd2o6VEGOsWVS1qrIlGAc8r3Sk76V3IxLE+eaKpv+VMHalzB5Vy2F2CT8x4oMe7XMBV0Lbpw/GgtQ03mIXlMWUFIJbrI3ZMKBclornXI8Itw2vHHk3wPMLAjwYDpRl+Lv2C88s6OBGSzvUDbgbJ8pTi7YGVnKoJoWqQ6137kxT337PANmIWzBqfHxIrYaGgs4o4lp8C1M9yHsZxMXnD2MgC6GSQjjhkcek==GhRa-----END PGP SIGNATURE-----

L
L
Léo Le Bouter wrote on 6 Apr 19:22 +0200
(address . control@debbugs.gnu.org)
39f093453400486423e834d1f1ba7e924973d959.camel@zaclys.net
tags 47622 + securityquit
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBsmPEACgkQRaix6GvNEKZUahAAmwN90pj7Qz5hSsAG3iqTD3qMgRbTya/ckE3gX/Gf3GFSc9cK+73jteUy+gj0jMnSFymuEkGaTsHFGY9N7xOlVnEGrAAXpBEmWlRYOZIu3ngXwIkYI1QQqe5IasJIN4PVT0XXjsVREvmCjPW4Ij+CW0Wcu9FuikQPAQwtKZTj2KhMItITduDp9/9kO2cLbmrdcji8o4OAyNv0w09hUx9CMUIbmAm1h9DCKZIJ+kqqvZhUaLWqqCttem9B/KbthvMswtHxSo1O1p0Jx6aBjID4f9Jg1FmRPs38tKcZ9NNL4fu0bfrkb+SqiZZie7D7ybhwGy4dxyAzsfrMArH9FbFjXm6GWoHz6D4iwL4fIon3XZa5ur3fCY+UJBHl60Xk74/6Ir9yvYuQL9Z9/YEjXbXGhveQbOiPXnBYUB4z9PyVnCKg1MsBKL1oNEyku9WHX4m3uQSULep2suAVQOlFMrg+G9hKZXAOFl8DLm+AFuhZk/8pqkNFECAwNWDP0Z0LkcAXNVkpkgxZaHAjhdwVgB0Gf5O6HrqvIi0VB1TWbXZqDgrxF42E4HG6QH+ZEI8pGJXMURdf9aJ/vJETp8UzAWKsR2LN2U9DjliuostCmzYuA7D/B9oU5favZCmM2nNy7YwfQlTV3d4Qh5DjncN+ISehKM/YnuBjC7Rd29SB7tO16LQ==YSjm-----END PGP SIGNATURE-----

?