libcaca.so is vulnerable to denial of service (DoS). An attacker can supply a malicious string as input to the caca_import_canvas_from_memory() function, causing a buffer overflow in the caca_resize function in libcaca/caca/canvas.c.
bugzilla.redhat.com/show_bug.cgi?id=1928437
github.com/cacalabs/libcaca/issues/52
lists.debian.org/debian-lts-announce/2021/03/msg00006.html
lists.fedoraproject.org/archives/list/[email protected]/message/6WFGYICNTMNDNMDDUV4G2RYFB5HNJCOV/
lists.fedoraproject.org/archives/list/[email protected]/message/PC7EGOEQ5C4OD66ZUJJIIYEXBTZOCMZX/
lists.fedoraproject.org/archives/list/[email protected]/message/ZSBCRN6EGQJUVOSD4OEEQ6XORHEM2CUL/