CVE-2020-21049
Summary
| CVE | CVE-2020-21049 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-09-14 16:15:00 UTC |
|---|
| Updated | 2021-09-24 17:08:00 UTC |
|---|
| Description | An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Address Sanitizer: invalid read at stb_image.h:5669 · Issue #74 · saitoha/libsixel · GitHub |
MISC |
github.com |
|
| 404 — Bitbucket |
MISC |
bitbucket.org |
|
| Release v1.8.5 security update · saitoha/libsixel · GitHub |
MISC |
github.com |
|
| Introduce SIXEL_ALLOCATE_BYTES_MAX macro and limit allocation size to… · saitoha/libsixel@0b1e0b3 · GitHub |
MISC |
github.com |
|
| libsixel/ChangeLog at master · saitoha/libsixel · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180755 Debian Security Update for libsixel (CVE-2020-21049)
