CVE-2021-20205

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2022-06-18
Modified: 2024-11-21

CVE-2021-46822

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package libwebkitgtk4 updated to version 2.34.2-alt1 for branch sisyphus_riscv64.

Published: 2021-10-20
Modified: 2024-11-21

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

Version: 2.1.0

Branch sisyphus_riscv64 update on 2021-11-26

ALT-BU-2021-4404-1

ALT-PU-2021-4401-1

Closed bugs

Bug #41400

ALT-PU-2021-4402-1

Closed vulnerabilities

CVE-2021-20205

CVE-2021-46822

ALT-PU-2021-4403-1

Closed vulnerabilities

CVE-2021-42762