Bug 2263555 (CVE-2024-25442, CVE-2024-25443, CVE-2024-25445, CVE-2024-25446) - CVE-2024-25442 CVE-2024-25443 CVE-2024-25445 CVE-2024-25446 hugin: multiple CVEs
Keywords:
Status: NEW
Alias: CVE-2024-25442, CVE-2024-25443, CVE-2024-25445, CVE-2024-25446
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2263556
Blocks:
Reported: 2024-02-09 17:19 UTC by Robb Gatica
Modified: 2024-02-09 17:19 UTC (History)
CC List: 0 users

Fixed In Version: hugin 2023.0beta1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2024-02-09 17:19:43 UTC
CVE-2024-25442 - An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.

https://bugs.launchpad.net/hugin/+bug/2025032

----

CVE-2024-25443 - An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.

https://bugs.launchpad.net/hugin/+bug/2025035

----

CVE-2024-25445 - Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.

https://bugs.launchpad.net/hugin/+bug/2025038

----

CVE-2024-25446 - An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.

https://bugs.launchpad.net/hugin/+bug/2025037

Comment 1 Robb Gatica 2024-02-09 17:19:55 UTC
Created hugin tracking bugs for this issue:

Affects: fedora-all [bug 2263556]

