Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-15540 (GCVE-0-2019-15540)
Vulnerability from cvelistv5 – Published: 2019-08-25 16:43 – Updated: 2024-08-05 00:49
VLAI?
EPSS
Summary
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"name": "openSUSE-SU-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"name": "openSUSE-SU-2019:2040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"name": "openSUSE-SU-2019:2077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-06T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"name": "openSUSE-SU-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"name": "openSUSE-SU-2019:2040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"name": "openSUSE-SU-2019:2077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/cdemu/bugs/119/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"name": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"name": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e",
"refsource": "MISC",
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"name": "openSUSE-SU-2019:2033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"name": "openSUSE-SU-2019:2040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"name": "openSUSE-SU-2019:2077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15540",
"datePublished": "2019-08-25T16:43:54",
"dateReserved": "2019-08-25T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-15540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-25T17:15:10.480\",\"lastModified\":\"2024-11-21T04:28:58.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.\"},{\"lang\":\"es\",\"value\":\"filters / filter-cso / filter-stream.c en el filtro CSO en libMirage 3.2.2 en CDemu no valida parte del tama\u00f1o, lo que desencadena un desbordamiento de b\u00fafer que puede conducir al acceso de root por parte de un usuario local de Linux.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cdemu:libmirage:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F89A30-EA96-4F72-8160-459DF928515C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/cdemu/bugs/119/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/cdemu/bugs/119/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
GHSA-QFRC-63X9-X275
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI?
Details
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
{
"affected": [],
"aliases": [
"CVE-2019-15540"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-25T17:15:00Z",
"severity": "HIGH"
},
"details": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"id": "GHSA-qfrc-63x9-x275",
"modified": "2022-05-24T16:54:43Z",
"published": "2022-05-24T16:54:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15540"
},
{
"type": "WEB",
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/cdemu/bugs/119"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
OPENSUSE-SU-2019:2077-1
Vulnerability from csaf_opensuse - Published: 2019-09-06 08:21 - Updated: 2019-09-06 08:21Summary
Security update for libmirage
Notes
Title of the patch
Security update for libmirage
Description of the patch
This update for libmirage fixes the following issues:
CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access by a local user.
[boo#1148087]
- Update to new upstream release 3.2.2
* ISO parser: fixed ISO9660/UDF pattern search for sector
sizes 2332 and 2336.
* ISO parser: added support for Nintendo GameCube and Wii
ISO images.
* Extended medium type guess to distinguish between DVD and
BluRay images based on length.
* Removed fabrication of disc structures from the library
(moved to CDEmu daemon).
* MDS parser: cleanup of disc structure parsing, fixed the
incorrectly set structure sizes.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames
openSUSE-2019-2077
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libmirage",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libmirage fixes the following issues:\n\nCVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,\ntriggering a heap-based buffer overflow that could lead to root access by a local user.\n[boo#1148087]\n\n- Update to new upstream release 3.2.2\n * ISO parser: fixed ISO9660/UDF pattern search for sector\n sizes 2332 and 2336.\n * ISO parser: added support for Nintendo GameCube and Wii\n ISO images.\n * Extended medium type guess to distinguish between DVD and\n BluRay images based on length.\n * Removed fabrication of disc structures from the library\n (moved to CDEmu daemon).\n * MDS parser: cleanup of disc structure parsing, fixed the\n incorrectly set structure sizes.\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2077",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2077-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2077-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5RA6THTK6UZUJQU56AIXU4INYRAVL57T/#5RA6THTK6UZUJQU56AIXU4INYRAVL57T"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2077-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5RA6THTK6UZUJQU56AIXU4INYRAVL57T/#5RA6THTK6UZUJQU56AIXU4INYRAVL57T"
},
{
"category": "self",
"summary": "SUSE Bug 1148087",
"url": "https://bugzilla.suse.com/1148087"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15540/"
}
],
"title": "Security update for libmirage",
"tracking": {
"current_release_date": "2019-09-06T08:21:33Z",
"generator": {
"date": "2019-09-06T08:21:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2077-1",
"initial_release_date": "2019-09-06T08:21:33Z",
"revision_history": [
{
"date": "2019-09-06T08:21:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"product": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"product_id": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"product": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"product_id": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-bp151.4.3.1.aarch64",
"product": {
"name": "libmirage11-3.2.2-bp151.4.3.1.aarch64",
"product_id": "libmirage11-3.2.2-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-data-3.2.2-bp151.4.3.1.noarch",
"product": {
"name": "libmirage-data-3.2.2-bp151.4.3.1.noarch",
"product_id": "libmirage-data-3.2.2-bp151.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"product": {
"name": "libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"product_id": "libmirage-lang-3.2.2-bp151.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"product": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"product_id": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"product": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"product_id": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"product": {
"name": "libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"product_id": "libmirage11-3.2.2-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"product": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"product_id": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"product": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"product_id": "libmirage-devel-3.2.2-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-bp151.4.3.1.s390x",
"product": {
"name": "libmirage11-3.2.2-bp151.4.3.1.s390x",
"product_id": "libmirage11-3.2.2-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"product": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"product_id": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"product": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"product_id": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-bp151.4.3.1.x86_64",
"product": {
"name": "libmirage11-3.2.2-bp151.4.3.1.x86_64",
"product_id": "libmirage11-3.2.2-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.2-bp151.4.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-data-3.2.2-bp151.4.3.1.noarch"
},
"product_reference": "libmirage-data-3.2.2-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.2-bp151.4.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage-lang-3.2.2-bp151.4.3.1.noarch"
},
"product_reference": "libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.2-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-data-3.2.2-bp151.4.3.1.noarch"
},
"product_reference": "libmirage-data-3.2.2-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.2-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage-lang-3.2.2-bp151.4.3.1.noarch"
},
"product_reference": "libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "libmirage11-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15540"
}
],
"notes": [
{
"category": "general",
"text": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15540",
"url": "https://www.suse.com/security/cve/CVE-2019-15540"
},
{
"category": "external",
"summary": "SUSE Bug 1148087 for CVE-2019-15540",
"url": "https://bugzilla.suse.com/1148087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-3_2-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-data-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage-devel-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libmirage-lang-3.2.2-bp151.4.3.1.noarch",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libmirage11-3.2.2-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.s390x",
"SUSE Package Hub 15:typelib-1_0-libmirage-3_2-3.2.2-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-06T08:21:33Z",
"details": "important"
}
],
"title": "CVE-2019-15540"
}
]
}
OPENSUSE-SU-2019:2033-1
Vulnerability from csaf_opensuse - Published: 2019-08-31 14:21 - Updated: 2019-08-31 14:21Summary
Security update for libmirage
Notes
Title of the patch
Security update for libmirage
Description of the patch
This update for libmirage fixes the following issues:
CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access by a local user.
[boo#1148087]
- Update to new upstream release 3.2.2
* ISO parser: fixed ISO9660/UDF pattern search for sector
sizes 2332 and 2336.
* ISO parser: added support for Nintendo GameCube and Wii
ISO images.
* Extended medium type guess to distinguish between DVD and
BluRay images based on length.
* Removed fabrication of disc structures from the library
(moved to CDEmu daemon).
* MDS parser: cleanup of disc structure parsing, fixed the
incorrectly set structure sizes.
Patchnames
openSUSE-2019-2033
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libmirage",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libmirage fixes the following issues:\n\nCVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,\ntriggering a heap-based buffer overflow that could lead to root access by a local user.\n[boo#1148087]\n\n- Update to new upstream release 3.2.2\n * ISO parser: fixed ISO9660/UDF pattern search for sector\n sizes 2332 and 2336.\n * ISO parser: added support for Nintendo GameCube and Wii\n ISO images.\n * Extended medium type guess to distinguish between DVD and\n BluRay images based on length.\n * Removed fabrication of disc structures from the library\n (moved to CDEmu daemon).\n * MDS parser: cleanup of disc structure parsing, fixed the\n incorrectly set structure sizes.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2033",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2033-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2033-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AUXYDY763KIJOAZ4TN3KVXUOAF2N6LCY/#AUXYDY763KIJOAZ4TN3KVXUOAF2N6LCY"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2033-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AUXYDY763KIJOAZ4TN3KVXUOAF2N6LCY/#AUXYDY763KIJOAZ4TN3KVXUOAF2N6LCY"
},
{
"category": "self",
"summary": "SUSE Bug 1148087",
"url": "https://bugzilla.suse.com/1148087"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15540/"
}
],
"title": "Security update for libmirage",
"tracking": {
"current_release_date": "2019-08-31T14:21:27Z",
"generator": {
"date": "2019-08-31T14:21:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2033-1",
"initial_release_date": "2019-08-31T14:21:27Z",
"revision_history": [
{
"date": "2019-08-31T14:21:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmirage-data-3.2.2-lp151.3.3.1.noarch",
"product": {
"name": "libmirage-data-3.2.2-lp151.3.3.1.noarch",
"product_id": "libmirage-data-3.2.2-lp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"product": {
"name": "libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"product_id": "libmirage-lang-3.2.2-lp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"product": {
"name": "libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"product_id": "libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"product": {
"name": "libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"product_id": "libmirage-devel-3.2.2-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-lp151.3.3.1.x86_64",
"product": {
"name": "libmirage11-3.2.2-lp151.3.3.1.x86_64",
"product_id": "libmirage11-3.2.2-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
},
"product_reference": "libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libmirage-data-3.2.2-lp151.3.3.1.noarch"
},
"product_reference": "libmirage-data-3.2.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libmirage-devel-3.2.2-lp151.3.3.1.x86_64"
},
"product_reference": "libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libmirage-lang-3.2.2-lp151.3.3.1.noarch"
},
"product_reference": "libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libmirage11-3.2.2-lp151.3.3.1.x86_64"
},
"product_reference": "libmirage11-3.2.2-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15540"
}
],
"notes": [
{
"category": "general",
"text": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-data-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage11-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15540",
"url": "https://www.suse.com/security/cve/CVE-2019-15540"
},
{
"category": "external",
"summary": "SUSE Bug 1148087 for CVE-2019-15540",
"url": "https://bugzilla.suse.com/1148087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-data-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage11-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libmirage-3_2-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-data-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage-devel-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libmirage-lang-3.2.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:libmirage11-3.2.2-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-31T14:21:27Z",
"details": "important"
}
],
"title": "CVE-2019-15540"
}
]
}
OPENSUSE-SU-2024:10957-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libmirage-3_2-3.2.5-1.3 on GA media
Notes
Title of the patch
libmirage-3_2-3.2.5-1.3 on GA media
Description of the patch
These are all security issues fixed in the libmirage-3_2-3.2.5-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10957
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libmirage-3_2-3.2.5-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libmirage-3_2-3.2.5-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10957",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10957-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15757 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15757/"
}
],
"title": "libmirage-3_2-3.2.5-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10957-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage-3_2-3.2.5-1.3.aarch64",
"product_id": "libmirage-3_2-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage-data-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage-data-3.2.5-1.3.aarch64",
"product_id": "libmirage-data-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage-devel-3.2.5-1.3.aarch64",
"product_id": "libmirage-devel-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage-lang-3.2.5-1.3.aarch64",
"product_id": "libmirage-lang-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage-vala-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage-vala-3.2.5-1.3.aarch64",
"product_id": "libmirage-vala-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.5-1.3.aarch64",
"product": {
"name": "libmirage11-3.2.5-1.3.aarch64",
"product_id": "libmirage11-3.2.5-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage-3_2-3.2.5-1.3.ppc64le",
"product_id": "libmirage-3_2-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage-data-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage-data-3.2.5-1.3.ppc64le",
"product_id": "libmirage-data-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage-devel-3.2.5-1.3.ppc64le",
"product_id": "libmirage-devel-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage-lang-3.2.5-1.3.ppc64le",
"product_id": "libmirage-lang-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage-vala-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage-vala-3.2.5-1.3.ppc64le",
"product_id": "libmirage-vala-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.5-1.3.ppc64le",
"product": {
"name": "libmirage11-3.2.5-1.3.ppc64le",
"product_id": "libmirage11-3.2.5-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"product_id": "typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.5-1.3.s390x",
"product": {
"name": "libmirage-3_2-3.2.5-1.3.s390x",
"product_id": "libmirage-3_2-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libmirage-data-3.2.5-1.3.s390x",
"product": {
"name": "libmirage-data-3.2.5-1.3.s390x",
"product_id": "libmirage-data-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.5-1.3.s390x",
"product": {
"name": "libmirage-devel-3.2.5-1.3.s390x",
"product_id": "libmirage-devel-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.5-1.3.s390x",
"product": {
"name": "libmirage-lang-3.2.5-1.3.s390x",
"product_id": "libmirage-lang-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libmirage-vala-3.2.5-1.3.s390x",
"product": {
"name": "libmirage-vala-3.2.5-1.3.s390x",
"product_id": "libmirage-vala-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.5-1.3.s390x",
"product": {
"name": "libmirage11-3.2.5-1.3.s390x",
"product_id": "libmirage11-3.2.5-1.3.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"product_id": "typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage-3_2-3.2.5-1.3.x86_64",
"product_id": "libmirage-3_2-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-data-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage-data-3.2.5-1.3.x86_64",
"product_id": "libmirage-data-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage-devel-3.2.5-1.3.x86_64",
"product_id": "libmirage-devel-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage-lang-3.2.5-1.3.x86_64",
"product_id": "libmirage-lang-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-vala-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage-vala-3.2.5-1.3.x86_64",
"product_id": "libmirage-vala-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.5-1.3.x86_64",
"product": {
"name": "libmirage11-3.2.5-1.3.x86_64",
"product_id": "libmirage11-3.2.5-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage-3_2-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage-3_2-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x"
},
"product_reference": "libmirage-3_2-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage-3_2-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage-data-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage-data-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x"
},
"product_reference": "libmirage-data-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage-data-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage-devel-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage-devel-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x"
},
"product_reference": "libmirage-devel-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage-devel-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage-lang-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage-lang-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x"
},
"product_reference": "libmirage-lang-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage-lang-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-vala-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage-vala-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-vala-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage-vala-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-vala-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x"
},
"product_reference": "libmirage-vala-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-vala-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage-vala-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64"
},
"product_reference": "libmirage11-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le"
},
"product_reference": "libmirage11-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x"
},
"product_reference": "libmirage11-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64"
},
"product_reference": "libmirage11-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15540"
}
],
"notes": [
{
"category": "general",
"text": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15540",
"url": "https://www.suse.com/security/cve/CVE-2019-15540"
},
{
"category": "external",
"summary": "SUSE Bug 1148087 for CVE-2019-15540",
"url": "https://bugzilla.suse.com/1148087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15540"
},
{
"cve": "CVE-2019-15757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15757"
}
],
"notes": [
{
"category": "general",
"text": "libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15757",
"url": "https://www.suse.com/security/cve/CVE-2019-15757"
},
{
"category": "external",
"summary": "SUSE Bug 1148728 for CVE-2019-15757",
"url": "https://bugzilla.suse.com/1148728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-3_2-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-data-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-devel-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-lang-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage-vala-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:libmirage11-3.2.5-1.3.x86_64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.aarch64",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.s390x",
"openSUSE Tumbleweed:typelib-1_0-libmirage-3_2-3.2.5-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-15757"
}
]
}
OPENSUSE-SU-2019:2040-1
Vulnerability from csaf_opensuse - Published: 2019-08-31 18:20 - Updated: 2019-08-31 18:20Summary
Security update for libmirage
Notes
Title of the patch
Security update for libmirage
Description of the patch
This update for libmirage fixes the following issues:
CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access by a local user.
[boo#1148087]
- Update to new upstream release 3.2.2
* ISO parser: fixed ISO9660/UDF pattern search for sector
sizes 2332 and 2336.
* ISO parser: added support for Nintendo GameCube and Wii
ISO images.
* Extended medium type guess to distinguish between DVD and
BluRay images based on length.
* Removed fabrication of disc structures from the library
(moved to CDEmu daemon).
* MDS parser: cleanup of disc structure parsing, fixed the
incorrectly set structure sizes.
Patchnames
openSUSE-2019-2040
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libmirage",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libmirage fixes the following issues:\n\nCVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,\ntriggering a heap-based buffer overflow that could lead to root access by a local user.\n[boo#1148087]\n\n- Update to new upstream release 3.2.2\n * ISO parser: fixed ISO9660/UDF pattern search for sector\n sizes 2332 and 2336.\n * ISO parser: added support for Nintendo GameCube and Wii\n ISO images.\n * Extended medium type guess to distinguish between DVD and\n BluRay images based on length.\n * Removed fabrication of disc structures from the library\n (moved to CDEmu daemon).\n * MDS parser: cleanup of disc structure parsing, fixed the\n incorrectly set structure sizes.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2040",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2040-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2040-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CT7C2RPLVDLPBVXHZVD6NM6R6GZCLI4A/#CT7C2RPLVDLPBVXHZVD6NM6R6GZCLI4A"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2040-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CT7C2RPLVDLPBVXHZVD6NM6R6GZCLI4A/#CT7C2RPLVDLPBVXHZVD6NM6R6GZCLI4A"
},
{
"category": "self",
"summary": "SUSE Bug 1148087",
"url": "https://bugzilla.suse.com/1148087"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15540/"
}
],
"title": "Security update for libmirage",
"tracking": {
"current_release_date": "2019-08-31T18:20:33Z",
"generator": {
"date": "2019-08-31T18:20:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2040-1",
"initial_release_date": "2019-08-31T18:20:33Z",
"revision_history": [
{
"date": "2019-08-31T18:20:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmirage-data-3.2.2-lp150.2.3.1.noarch",
"product": {
"name": "libmirage-data-3.2.2-lp150.2.3.1.noarch",
"product_id": "libmirage-data-3.2.2-lp150.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"product": {
"name": "libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"product_id": "libmirage-lang-3.2.2-lp150.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"product": {
"name": "libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"product_id": "libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"product": {
"name": "libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"product_id": "libmirage-devel-3.2.2-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmirage11-3.2.2-lp150.2.3.1.x86_64",
"product": {
"name": "libmirage11-3.2.2-lp150.2.3.1.x86_64",
"product_id": "libmirage11-3.2.2-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"product": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"product_id": "typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-3_2-3.2.2-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
},
"product_reference": "libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-data-3.2.2-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmirage-data-3.2.2-lp150.2.3.1.noarch"
},
"product_reference": "libmirage-data-3.2.2-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-devel-3.2.2-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmirage-devel-3.2.2-lp150.2.3.1.x86_64"
},
"product_reference": "libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage-lang-3.2.2-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmirage-lang-3.2.2-lp150.2.3.1.noarch"
},
"product_reference": "libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmirage11-3.2.2-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmirage11-3.2.2-lp150.2.3.1.x86_64"
},
"product_reference": "libmirage11-3.2.2-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
},
"product_reference": "typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15540"
}
],
"notes": [
{
"category": "general",
"text": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-data-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage11-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15540",
"url": "https://www.suse.com/security/cve/CVE-2019-15540"
},
{
"category": "external",
"summary": "SUSE Bug 1148087 for CVE-2019-15540",
"url": "https://bugzilla.suse.com/1148087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-data-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage11-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libmirage-3_2-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-data-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage-devel-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libmirage-lang-3.2.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:libmirage11-3.2.2-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:typelib-1_0-libmirage-3_2-3.2.2-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-31T18:20:33Z",
"details": "important"
}
],
"title": "CVE-2019-15540"
}
]
}
CNVD-2020-44867
Vulnerability from cnvd - Published: 2020-08-07
VLAI Severity ?
Title
libMirage缓冲区溢出漏洞
Description
libMirage是一款用C语言编写的、基于GLib的CD-ROM映像访问库。CDemu是一款免费、开源的虚拟驱动器软件,旨在模拟Linux操作系统上的光驱和光盘。
CDemu中的libMirage 3.2.2中的CSO过滤器中的filters/filter-cso/filter-stream.c存在堆缓冲区溢出漏洞,该漏洞源于filters/filter-cso/filter-stream.c未验证part大小,本地Linux用户可利用该漏洞回去root访问权限。
Severity
高
Patch Name
libMirage缓冲区溢出漏洞的补丁
Patch Description
libMirage是一款用C语言编写的、基于GLib的CD-ROM映像访问库。CDemu是一款免费、开源的虚拟驱动器软件,旨在模拟Linux操作系统上的光驱和光盘。
CDemu中的libMirage 3.2.2中的CSO过滤器中的filters/filter-cso/filter-stream.c存在堆缓冲区溢出漏洞,该漏洞源于filters/filter-cso/filter-stream.c未验证part大小,本地Linux用户可利用该漏洞回去root访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-15540
Impacted products
| Name | libMirage libMirage 3.2.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-15540",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-15540"
}
},
"description": "libMirage\u662f\u4e00\u6b3e\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u3001\u57fa\u4e8eGLib\u7684CD-ROM\u6620\u50cf\u8bbf\u95ee\u5e93\u3002CDemu\u662f\u4e00\u6b3e\u514d\u8d39\u3001\u5f00\u6e90\u7684\u865a\u62df\u9a71\u52a8\u5668\u8f6f\u4ef6\uff0c\u65e8\u5728\u6a21\u62dfLinux\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u7684\u5149\u9a71\u548c\u5149\u76d8\u3002\n\nCDemu\u4e2d\u7684libMirage 3.2.2\u4e2d\u7684CSO\u8fc7\u6ee4\u5668\u4e2d\u7684filters/filter-cso/filter-stream.c\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8efilters/filter-cso/filter-stream.c\u672a\u9a8c\u8bc1part\u5927\u5c0f\uff0c\u672c\u5730Linux\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u56de\u53bbroot\u8bbf\u95ee\u6743\u9650\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-44867",
"openTime": "2020-08-07",
"patchDescription": "libMirage\u662f\u4e00\u6b3e\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u3001\u57fa\u4e8eGLib\u7684CD-ROM\u6620\u50cf\u8bbf\u95ee\u5e93\u3002CDemu\u662f\u4e00\u6b3e\u514d\u8d39\u3001\u5f00\u6e90\u7684\u865a\u62df\u9a71\u52a8\u5668\u8f6f\u4ef6\uff0c\u65e8\u5728\u6a21\u62dfLinux\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u7684\u5149\u9a71\u548c\u5149\u76d8\u3002\r\n\r\nCDemu\u4e2d\u7684libMirage 3.2.2\u4e2d\u7684CSO\u8fc7\u6ee4\u5668\u4e2d\u7684filters/filter-cso/filter-stream.c\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8efilters/filter-cso/filter-stream.c\u672a\u9a8c\u8bc1part\u5927\u5c0f\uff0c\u672c\u5730Linux\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u56de\u53bbroot\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libMirage\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "libMirage libMirage 3.2.2"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15540",
"serverity": "\u9ad8",
"submitTime": "2019-08-26",
"title": "libMirage\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
GSD-2019-15540
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-15540",
"description": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"id": "GSD-2019-15540",
"references": [
"https://www.suse.com/security/cve/CVE-2019-15540.html",
"https://advisories.mageia.org/CVE-2019-15540.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-15540"
],
"details": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",
"id": "GSD-2019-15540",
"modified": "2023-12-13T01:23:38.294868Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/cdemu/bugs/119/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"name": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"name": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e",
"refsource": "MISC",
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"name": "openSUSE-SU-2019:2033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"name": "openSUSE-SU-2019:2040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"name": "openSUSE-SU-2019:2077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cdemu:libmirage:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15540"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"name": "https://sourceforge.net/p/cdemu/bugs/119/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"name": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"name": "openSUSE-SU-2019:2033",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"name": "openSUSE-SU-2019:2040",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"name": "openSUSE-SU-2019:2077",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-08-25T17:15Z"
}
}
}
FKIE_CVE-2019-15540
Vulnerability from fkie_nvd - Published: 2019-08-25 17:15 - Updated: 2024-11-21 04:28
Severity ?
Summary
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cdemu:libmirage:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F89A30-EA96-4F72-8160-459DF928515C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."
},
{
"lang": "es",
"value": "filters / filter-cso / filter-stream.c en el filtro CSO en libMirage 3.2.2 en CDemu no valida parte del tama\u00f1o, lo que desencadena un desbordamiento de b\u00fafer que puede conducir al acceso de root por parte de un usuario local de Linux."
}
],
"id": "CVE-2019-15540",
"lastModified": "2024-11-21T04:28:58.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-25T17:15:10.480",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/bugs/119/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…