dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c.
CVE: (none) => CVE-2019-13989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13989
https://security-tracker.debian.org/tracker/CVE-2019-13989
Summary: dpic security issue CVE-2019-13989 => dpic new security issue CVE-2019-13989
Whiteboard: (none) => MGA7TOO
Severity: normal => major
Hi, thanks for reporting this. As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => jani.valimaa, ouaurelien, smelror
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated package fixes a security vulnerability:

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. (CVE-2019-13989)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13989
https://security-tracker.debian.org/tracker/CVE-2019-13989
========================

Updated package in core/updates_testing:
========================
dpic-2018.02.01-1.1.mga7

from SRPM:
dpic-2018.02.01-1.1.mga7.src.rpm

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: pkg-bugs => qa-bugs
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Source RPM: dpic-2018.02.01-3.mga8.src => dpic-2018.02.01-1.mga7.src
Source RPM: dpic-2018.02.01-1.mga7.src => dpic-2018.02.01-1.mga7.src.rpm
Suggested advisory:
========================

The updated package fixes a security vulnerability:

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. (CVE-2019-13989)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13989
https://security-tracker.debian.org/tracker/CVE-2019-13989
========================

Updated package in core/updates_testing:
========================
dpic-2018.02.01-2.1.mga7

from SRPM:
dpic-2018.02.01-2.1.mga7.src.rpm
Source RPM: dpic-2018.02.01-1.mga7.src.rpm => dpic-2018.02.01-2.mga7.src.rpm
CVE-2019-13989
https://gitlab.com/aplevich/dpic/-/issues/4

$ dpic test01
Char chr(24)"^X" unknown ^X2
*** dpic: line 3 ERROR: Character not recognized: ignored
*** buffer overflow detected ***: dpic terminated
Aborted (core dumped)

Updated dpic from testing and ran the POC test again.

$ dpic test01
Char chr(24)"^X" unknown ^X2
*** dpic: line 3 ERROR: Character not recognized: ignored 2e+82 print e ;
*** dpic: line 5 ERROR: Variable not found Search failure for "e" 0 Char chr(0)"^@" unknown
*** dpic: line 5 ERROR: Character not recognized: ignored
*** dpic: line 5 ERROR: ; or end of line found. The following were expected: ! constant variable ( function location
*** dpic: maximum error count exceeded

No abort and test file rejected, so this is good.

Looks like PIC is a domain-specific language, for raster graphics maybe. Found chem.pic on this system, originally generated by transfig. Tried to produce transformations of chem.pic to PS, SVG and other formats but found that it simply copied the original each time.

$ dpic -v -z chem.pic > chem.svg
display chem.pic
display: no decode delegate for this image format `PIC' @ error/constitute.c/ReadImage/556.
$ diff chem.pic chem.svg
$

The source does not look like drawing commands, just a set of functions of some kind. For instance, it does not start with .PS and end with .PE, so whatever chem.pic is, it is not a PIC file. Could not find any samples online. So this will have to be considered OK just on the basis of the successful POC test.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25
Validating update. Advisory in Comment 4 and pushed to SVN.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0460.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED