Bug 2077019 (CVE-2022-28041)
Summary: | CVE-2022-28041 stb: integer overflow in stbi__jpeg_decode_block_prog_dc() can lead to DoS | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | code, mhroncok, otaylor, wtaymans |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2077020, 2077021, 2077054, 2083035 | | |
Bug Blocks: | | | |
Description
Guilherme de Almeida Suckevicz
2022-04-20 13:48:32 UTC
Created stb tracking bugs for this issue:

Affects: epel-all [bug 2077021]
Affects: fedora-all [bug 2077020]

Created PR for sdrpp: https://src.fedoraproject.org/rpms/sdrpp/pull-request/2
Created PR for gamescope: https://src.fedoraproject.org/rpms/gamescope/pull-request/2
Created PR for zxing-cpp: https://src.fedoraproject.org/rpms/zxing-cpp/pull-request/2
Created PR for mlpack: https://src.fedoraproject.org/rpms/mlpack/pull-request/5
Created PR for CuraEngine: https://src.fedoraproject.org/rpms/CuraEngine/pull-request/21
Created PR for assimp: https://src.fedoraproject.org/rpms/assimp/pull-request/5

That should generally cover the dependent packages that build with header-only stb_image from the stb package. There are a couple of others (SOIL, SFML) that are based on forks of older stb_image versions or have otherwise never been adjusted to use an external stb_image.

FEDORA-2022-bc606b86f4 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2022-cc64b21327 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2022-0125d9cd29 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.