Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libgig: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)

Related Vulnerabilities: CVE-2018-14449   CVE-2018-18192   CVE-2018-14450   CVE-2018-14451   CVE-2018-14452   CVE-2018-14453   CVE-2018-14454   CVE-2018-14455   CVE-2018-14456   CVE-2018-14457   CVE-2018-14458   CVE-2018-14459   CVE-2018-14460   CVE-2018-18193   CVE-2018-18194   CVE-2018-18195   CVE-2018-18196   CVE-2018-18197  

Source

Debian Bug report logs - #931309
libgig: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)

Package: libgig; Maintainer for libgig is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>;

Reported by: Sylvain Beucler <beuc@beuc.net>

Date: Mon, 1 Jul 2019 12:36:04 UTC

Severity: important

Tags: security

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#931309; Package libgig. (Mon, 01 Jul 2019 12:36:07 GMT) (full text, mbox, link).

Acknowledgement sent to Sylvain Beucler <beuc@beuc.net>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Mon, 01 Jul 2019 12:36:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Sylvain Beucler <beuc@beuc.net>
To: submit@bugs.debian.org
Subject: Multiple security issues (CVE-2018-14449..14460, CVE-2018-18192..18197)
Date: Mon, 1 Jul 2019 14:23:05 +0200
Package: libgig
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libgig.
See:
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
for the initial report and reproducers.

As far as I can see, there was no discussion yet with you (package
maintainers), nor with upstream, so I'm opening this bug to clarify
their status.


CVE-2018-14449[0]:
| An issue was discovered in libgig 4.1.0. There is an out of bounds
| read in gig::File::UpdateChunks in gig.cpp.


CVE-2018-14450[1]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "update dimension region's chunks" feature of the function
| gig::Region::UpdateChunks in gig.cpp.


CVE-2018-14451[2]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in the function RIFF::Chunk::Read in RIFF.cpp.


CVE-2018-14452[3]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "always assign the sample of the first dimension region of
| this region" feature of the function gig::Region::UpdateChunks in
| gig.cpp.


CVE-2018-14453[4]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store16 in helper.h.


CVE-2018-14454[5]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the function RIFF::Chunk::Read in RIFF.cpp.


CVE-2018-14455[6]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store32 in helper.h.


CVE-2018-14456[7]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::SaveString in DLS.cpp.


CVE-2018-14457[8]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::UpdateChunks in DLS.cpp.


CVE-2018-14458[9]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store32 in helper.h.


CVE-2018-14459[10]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store16 in helper.h.


CVE-2018-14460[11]:
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a
| heap-based buffer over-read in the function H5O_sdspace_decode in
| H5Osdspace.c.


CVE-2018-18192[12]:
| An issue was discovered in libgig 4.1.0. There is a NULL pointer
| dereference in the function DLS::File::GetFirstSample() in DLS.cpp.


CVE-2018-18193[13]:
| An issue was discovered in libgig 4.1.0. There is operator new[]
| failure (due to a big pWavePoolTable heap request) in DLS::File::File
| in DLS.cpp.


CVE-2018-18194[14]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in DLS::Region::GetSample() in DLS.cpp.


CVE-2018-18195[15]:
| An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-
| zero error) in DLS::Sample::Sample in DLS.cpp.


CVE-2018-18196[16]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in RIFF::List::GetListTypeString in RIFF.cpp.


CVE-2018-18197[17]:
| An issue was discovered in libgig 4.1.0. There is an operator new[]
| failure (due to a big pSampleLoops heap request) in
| DLS::Sampler::Sampler in DLS.cpp.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14449
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14449
[1] https://security-tracker.debian.org/tracker/CVE-2018-14450
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14450
[2] https://security-tracker.debian.org/tracker/CVE-2018-14451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14451
[3] https://security-tracker.debian.org/tracker/CVE-2018-14452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14452
[4] https://security-tracker.debian.org/tracker/CVE-2018-14453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14453
[5] https://security-tracker.debian.org/tracker/CVE-2018-14454
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14454
[6] https://security-tracker.debian.org/tracker/CVE-2018-14455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14455
[7] https://security-tracker.debian.org/tracker/CVE-2018-14456
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14456
[8] https://security-tracker.debian.org/tracker/CVE-2018-14457
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14457
[9] https://security-tracker.debian.org/tracker/CVE-2018-14458
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14458
[10] https://security-tracker.debian.org/tracker/CVE-2018-14459
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14459
[11] https://security-tracker.debian.org/tracker/CVE-2018-14460
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460
[12] https://security-tracker.debian.org/tracker/CVE-2018-18192
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18192
[13] https://security-tracker.debian.org/tracker/CVE-2018-18193
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18193
[14] https://security-tracker.debian.org/tracker/CVE-2018-18194
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18194
[15] https://security-tracker.debian.org/tracker/CVE-2018-18195
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18195
[16] https://security-tracker.debian.org/tracker/CVE-2018-18196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18196
[17] https://security-tracker.debian.org/tracker/CVE-2018-18197
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18197

Please adjust the affected versions in the BTS as needed.

Cheers!
Sylvain Beucler, Debian LTS team

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#931309; Package libgig. (Mon, 01 Jul 2019 13:21:03 GMT) (full text, mbox, link).

Acknowledgement sent to Sylvain Beucler <beuc@beuc.net>:
Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Mon, 01 Jul 2019 13:21:03 GMT) (full text, mbox, link).

Message #10 received at 931309@bugs.debian.org (full text, mbox, reply):

From: Sylvain Beucler <beuc@beuc.net>
To: 931309@bugs.debian.org
Subject: Re: Bug#931309: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)
Date: Mon, 1 Jul 2019 15:09:11 +0200
retitle 931309 libgig: Multiple security issues (CVE-2018-14449..14459,
CVE-2018-18192..18197)
thanks

(typo: not CVE-2018-14460)

Changed Bug title to 'libgig: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)' from 'Multiple security issues (CVE-2018-14449..14460, CVE-2018-18192..18197)'. Request was from Sylvain Beucler <beuc@beuc.net> to control@bugs.debian.org. (Mon, 01 Jul 2019 13:36:04 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Jul 2 11:20:41 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started