{"id":"MGASA-2020-0459","summary":"Updated sam2p package fixes security vulnerabilities","details":"In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24\nfunction of the file in_pcx.cpp. (CVE-2017-14628).\n\nIn sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer\nsignedness error, leading to a crash when writing to an out-of-bounds array\nelement. (CVE-2017-14629).\n\nIn sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function\nof the file in_pcx.cpp, leading to an invalid write operation.\n(CVE-2017-14630).\n\nIn sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer\nsignedness error leading to a heap-based buffer overflow. (CVE-2017-14631).\n\nBecause of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff\ntimes, ending with an invalid read of size 1 in the Image::Indexed::sortPal\nfunction in image.cpp. However, this also causes memory corruption becaus\nof an attempted write to the invalid d[0xfffffffe] array element.\n(CVE-2017-14636).\n\nIn sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function\nin in_xpm.cpp. However, this can also cause a write to an illegal address.\n(CVE-2017-14637).\n\nIn sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer\noverflows) in input-bmp.ci in the function ReadImage, because \"width * height\"\nmultiplications occur unsafely. (CVE-2017-16663).\n\nThere is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp\nin sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly\nunspecified other impact. (CVE-2018-7487).\n\nThere is an invalid free in MiniPS::delete0 in minips.cpp that leads to a\nSegmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of\nservice or possibly unspecified other impact. (CVE-2018-7551).\n\nThere is a heap-based buffer overflow in the pcxLoadRaster function of\nin_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service\nor possibly unspecified other impact. (CVE-2018-7553).\n\nThere is an invalid free in ReadImage in input-bmp.ci that leads to a\nSegmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of\nservice or possibly unspecified other impact. (CVE-2018-7554).\n\nThere is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp\nin sam2p 0.49.4 that leads to a denial of service or possibly unspecified\nother impact. (CVE-2018-12578).\n\nThere is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p\n0.49.4 that leads to a denial of service or possibly unspecified other impact.\n(CVE-2018-12601).\n","modified":"2026-02-04T04:18:43.166819Z","published":"2020-12-17T13:10:41Z","related":["CVE-2017-14628","CVE-2017-14629","CVE-2017-14630","CVE-2017-14631","CVE-2017-14636","CVE-2017-14637","CVE-2017-16663","CVE-2018-12578","CVE-2018-12601","CVE-2018-7487","CVE-2018-7551","CVE-2018-7553","CVE-2018-7554"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0459.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27746"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2017/dla-1127"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2017/dla-1185"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2018/dla-1340"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2018/dla-1463"}],"affected":[{"package":{"name":"sam2p","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/sam2p?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.49.3-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0459.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}