Package: libgig
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libgig.

See:
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
for the initial report and reproducers.

As far as I can see, there was no discussion yet with you (package
maintainers), nor with upstream, so I'm opening this bug to clarify
their status.

CVE-2018-14449[0]:
| An issue was discovered in libgig 4.1.0. There is an out of bounds
| read in gig::File::UpdateChunks in gig.cpp.

CVE-2018-14450[1]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "update dimension region's chunks" feature of the function
| gig::Region::UpdateChunks in gig.cpp.

CVE-2018-14451[2]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in the function RIFF::Chunk::Read in RIFF.cpp.

CVE-2018-14452[3]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the "always assign the sample of the first dimension region of
| this region" feature of the function gig::Region::UpdateChunks in
| gig.cpp.

CVE-2018-14453[4]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store16 in helper.h.

CVE-2018-14454[5]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| read in the function RIFF::Chunk::Read in RIFF.cpp.

CVE-2018-14455[6]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store32 in helper.h.

CVE-2018-14456[7]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::SaveString in DLS.cpp.

CVE-2018-14457[8]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in the function DLS::Info::UpdateChunks in DLS.cpp.

CVE-2018-14458[9]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| overflow in pData[1] access in the function store32 in helper.h.

CVE-2018-14459[10]:
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds
| write in pData[0] access in the function store16 in helper.h.

CVE-2018-14460[11]:
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a
| heap-based buffer over-read in the function H5O_sdspace_decode in
| H5Osdspace.c.

CVE-2018-18192[12]:
| An issue was discovered in libgig 4.1.0. There is a NULL pointer
| dereference in the function DLS::File::GetFirstSample() in DLS.cpp.

CVE-2018-18193[13]:
| An issue was discovered in libgig 4.1.0. There is operator new[]
| failure (due to a big pWavePoolTable heap request) in DLS::File::File
| in DLS.cpp.

CVE-2018-18194[14]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in DLS::Region::GetSample() in DLS.cpp.

CVE-2018-18195[15]:
| An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-
| zero error) in DLS::Sample::Sample in DLS.cpp.

CVE-2018-18196[16]:
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer
| over-read in RIFF::List::GetListTypeString in RIFF.cpp.

CVE-2018-18197[17]:
| An issue was discovered in libgig 4.1.0. There is an operator new[]
| failure (due to a big pSampleLoops heap request) in
| DLS::Sampler::Sampler in DLS.cpp.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14449
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14449
[1] https://security-tracker.debian.org/tracker/CVE-2018-14450
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14450
[2] https://security-tracker.debian.org/tracker/CVE-2018-14451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14451
[3] https://security-tracker.debian.org/tracker/CVE-2018-14452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14452
[4] https://security-tracker.debian.org/tracker/CVE-2018-14453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14453
[5] https://security-tracker.debian.org/tracker/CVE-2018-14454
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14454
[6] https://security-tracker.debian.org/tracker/CVE-2018-14455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14455
[7] https://security-tracker.debian.org/tracker/CVE-2018-14456
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14456
[8] https://security-tracker.debian.org/tracker/CVE-2018-14457
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14457
[9] https://security-tracker.debian.org/tracker/CVE-2018-14458
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14458
[10] https://security-tracker.debian.org/tracker/CVE-2018-14459
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14459
[11] https://security-tracker.debian.org/tracker/CVE-2018-14460
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460
[12] https://security-tracker.debian.org/tracker/CVE-2018-18192
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18192
[13] https://security-tracker.debian.org/tracker/CVE-2018-18193
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18193
[14] https://security-tracker.debian.org/tracker/CVE-2018-18194
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18194
[15] https://security-tracker.debian.org/tracker/CVE-2018-18195
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18195
[16] https://security-tracker.debian.org/tracker/CVE-2018-18196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18196
[17] https://security-tracker.debian.org/tracker/CVE-2018-18197
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18197

Please adjust the affected versions in the BTS as needed.

Cheers!
Sylvain Beucler, Debian LTS team