PublicDateAtUSN: 2021-02-23 23:15:00 UTC
Candidate: CVE-2021-3410
PublicDate: 2021-02-23 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
 https://ubuntu.com/security/notices/USN-4921-1
Description:
 A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
 caca_resize function in libcaca/caca/canvas.c may lead to local execution
 of arbitrary code in the user context.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/cacalabs/libcaca/issues/52
 https://bugzilla.redhat.com/show_bug.cgi?id=1928437
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_libcaca:
 upstream: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd
 upstream: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015
upstream_libcaca: released (0.99.beta19-2.2)
precise/esm_libcaca: ignored
trusty_libcaca: ignored (out of standard support)
trusty/esm_libcaca: released (0.99.beta18-1ubuntu5.1+esm1)
xenial_libcaca: released (0.99.beta19-2ubuntu0.16.04.2)
esm-infra/xenial_libcaca: released (0.99.beta19-2ubuntu0.16.04.2)
bionic_libcaca: released (0.99.beta19-2ubuntu0.18.04.2)
focal_libcaca: released (0.99.beta19-2.1ubuntu1.20.04.1)
groovy_libcaca: released (0.99.beta19-2.1ubuntu1.20.10.1)
hirsute_libcaca: released (0.99.beta19-2.2ubuntu1)
devel_libcaca: released (0.99.beta19-2.2ubuntu1)