GNU bug report logs - #47622
vigra package is vulnerable to CVE-2021-30046

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Tue, 6 Apr 2021 17:22:01 UTC

Severity: normal

Tags: security

To reply to this bug, email your comments to 47622 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#47622; Package guix. (Tue, 06 Apr 2021 17:22:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Léo Le Bouter <lle-bout <at> zaclys.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 06 Apr 2021 17:22:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: bug-guix <at> gnu.org
Subject: vigra package is vulnerable to CVE-2021-30046
Date: Tue, 06 Apr 2021 19:21:48 +0200

[Message part 1 (text/plain, inline)]
CVE-2021-30046	15:15
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation
fault vulnerability in the impex.hxx read_image_band() function, in
which a crafted file can cause a denial of service.

Upstream issue: https://github.com/ukoethe/vigra/issues/494

No fix provided yet.

[signature.asc (application/pgp-signature, inline)]
Added tag(s) security. Request was from Léo Le Bouter <lle-bout <at> zaclys.net> to control <at> debbugs.gnu.org. (Tue, 06 Apr 2021 17:24:01 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 128 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.