{"id":"USN-4587-1","summary":"italc vulnerabilities","details":"Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors\nand didn't check malloc return values. A remote attacker could use these issues\nto cause a denial of service or possibly execute arbitrary code.\n(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)\n\nJosef Gajdusek discovered that iTALC had heap-based buffer overflow\nvulnerabilities. A remote attacker could used these issues to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)\n\nIt was discovered that iTALC had an out-of-bounds write, multiple heap\nout-of-bounds writes, an infinite loop, improper initializations, and null\npointer vulnerabilities. A remote attacker could used these issues to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2018-15127,\nCVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,\nCVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,\nCVE-2019-15681)\n","modified":"2026-04-24T09:17:32.825878633Z","published":"2020-10-20T16:35:20Z","related":["UBUNTU-CVE-2014-6051","UBUNTU-CVE-2014-6052","UBUNTU-CVE-2014-6053","UBUNTU-CVE-2014-6054","UBUNTU-CVE-2014-6055","UBUNTU-CVE-2016-9941","UBUNTU-CVE-2016-9942","UBUNTU-CVE-2018-15127","UBUNTU-CVE-2018-20019","UBUNTU-CVE-2018-20020","UBUNTU-CVE-2018-20021","UBUNTU-CVE-2018-20022","UBUNTU-CVE-2018-20023","UBUNTU-CVE-2018-20024","UBUNTU-CVE-2018-20748","UBUNTU-CVE-2018-20749","UBUNTU-CVE-2018-20750","UBUNTU-CVE-2018-7225","UBUNTU-CVE-2019-15681"],"upstream":["CVE-2014-6051","CVE-2014-6052","CVE-2014-6054","CVE-2014-6055","CVE-2016-9941","CVE-2016-9942","CVE-2018-15127","CVE-2018-20019","CVE-2018-20023","CVE-2018-20749","CVE-2018-20750","UBUNTU-CVE-2014-6051","UBUNTU-CVE-2014-6052","UBUNTU-CVE-2014-6054","UBUNTU-CVE-2014-6055","UBUNTU-CVE-2016-9941","UBUNTU-CVE-2016-9942","UBUNTU-CVE-2018-15127","UBUNTU-CVE-2018-20019","UBUNTU-CVE-2018-20023","UBUNTU-CVE-2018-20749","UBUNTU-CVE-2018-20750"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4587-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6051"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6052"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6054"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6055"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9941"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9942"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-15127"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20019"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20023"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20749"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20750"}],"affected":[{"package":{"name":"italc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/italc@1:2.0.2+dfsg1-4ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.0.2+dfsg1-4ubuntu0.1"}]}],"versions":["1:2.0.2+dfsg1-3","1:2.0.2+dfsg1-4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"italc-client","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_name":"italc-management-console","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_name":"italc-master","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_name":"libitalccore","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4587-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2014-6051","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-6052","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-6054","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-6055","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2016-9941","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9942","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-15127","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20019","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20023","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20749","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20750","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}