Bug 2077019 (CVE-2022-28041)
Summary: | CVE-2022-28041 stb: integer overflow in stbi__jpeg_decode_block_prog_dc() can lead to DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | code, mhroncok, otaylor, wtaymans |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2077020, 2077021, 2077054, 2083035 | ||
Bug Blocks: | 2077041 |
Description
Guilherme de Almeida Suckevicz
2022-04-20 13:48:32 UTC
Created stb tracking bugs for this issue: Affects: epel-all [bug 2077021] Affects: fedora-all [bug 2077020] Created PR for sdrpp: https://src.fedoraproject.org/rpms/sdrpp/pull-request/2 Created PR for gamescope: https://src.fedoraproject.org/rpms/gamescope/pull-request/2 Created PR for zxing-cpp: https://src.fedoraproject.org/rpms/zxing-cpp/pull-request/2 Created PR for mlpack: https://src.fedoraproject.org/rpms/mlpack/pull-request/5 Created PR for CuraEngine: https://src.fedoraproject.org/rpms/CuraEngine/pull-request/21 Created PR for assimp: https://src.fedoraproject.org/rpms/assimp/pull-request/5 That should generally cover the dependent packages that build with header-only stb_image from the stb package. There are a couple of others (SOIL, SFML) that are based on forks of older stb_image versions or have otherwise never been adjusted to use an external stb_image. FEDORA-2022-bc606b86f4 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-cc64b21327 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-0125d9cd29 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. |