OPENSUSE-SU-2022:0100-1
Vulnerability from csaf_opensuse - Published: 2022-03-31 10:01 - Updated: 2022-03-31 10:01Summary
Security update for abcm2ps
Notes
Title of the patch
Security update for abcm2ps
Description of the patch
This update for abcm2ps fixes the following issues:
Update to 8.14.13:
* fix: don't start/stop slurs above/below decorations
* fix: crash when too many notes in a grace note sequence (#102)
* fix: crash when too big value in M: (#103)
* fix: loop or crash when too big width of y (space) (#104)
* fix: bad font definition with SVG output when spaces in font name
* fix: bad check of note length again (#106)
* fix: handle %%staffscale at the global level (#108)
* fix: bad vertical offset of lyrics when mysic line starts with empty staves
Update to 8.14.12:
Fixes:
* crash when '%%break 1' and no measure bar in the tune
* crash when duplicated voice ending on %%staves with repeat variant
* crash when voice duplication with symbols without width
* crash or bad output when null value in %%scale
* problem when only bars in 2 voices followed %%staves of the second voice only
* crash when tuplet error in grace note sequence
* crash when grace note with empty tuplet
* crash when many broken rhythms after a single grace note
* access outside the deco array when error in U:
* crash when !xstem! with no note in the previous voice
* crash on tuplet without any note/rest
* crash when grace notes at end of line and voice overlay
* crash when !trem2! at start of a grace note sequence
* crash when wrong duration in 2 voice overlays and bad ties
* crash when accidental without a note at start of line after K: (CVE-2021-32435)
* array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436)
* loss of left margin after first page since previous commit
* no respect of %%leftmargin with -E or -g
* bad placement of chord symbols when in a music line with only invisible rests
Syntax:
* Accept and remove one or two '%'s at start of all %%beginxxx lines
Generation:
* Move the CSS from XHTML to SVG
Update to 8.14.11:
* fix: error ''staffwidth' too small' when generating sample3.abc
Update to 8.14.10:
* fix: bad glyph when defined by SVG containing 'v' in
* fix: bad check of note length since commit 191fa55
* fix: memory corruption when error in %%staves/%%score
* fix: crash when too big note duration
* fix: crash when staff width too small
Update to 8.14.9:
* fix: bad natural accidental when %%MIDI temperamentequal
Update to 8.14.8:
* fix: no respect the width in %%staffbreak
* fix: don't draw a staff when only %%staffbreak inside
* fix: bad repeat bracket when continued on next line, line starting by a bar
* fix: bad tuplet bracket again when at end of a voice overlay sequence
* fix: bad tuplet bracket when at end of a voice overlay sequence
* handle '%%MIDI temperamentequal '
* accept '^1' and '_1' as microtone accidentals
Patchnames
openSUSE-2022-100
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for abcm2ps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for abcm2ps fixes the following issues:\n\nUpdate to 8.14.13:\n\n* fix: don\u0027t start/stop slurs above/below decorations\n* fix: crash when too many notes in a grace note sequence (#102)\n* fix: crash when too big value in M: (#103)\n* fix: loop or crash when too big width of y (space) (#104)\n* fix: bad font definition with SVG output when spaces in font name\n* fix: bad check of note length again (#106)\n* fix: handle %%staffscale at the global level (#108)\n* fix: bad vertical offset of lyrics when mysic line starts with empty staves\n\nUpdate to 8.14.12:\n\nFixes:\n\n* crash when \u0027%%break 1\u0027 and no measure bar in the tune\n* crash when duplicated voice ending on %%staves with repeat variant\n* crash when voice duplication with symbols without width\n* crash or bad output when null value in %%scale\n* problem when only bars in 2 voices followed %%staves of the second voice only\n* crash when tuplet error in grace note sequence\n* crash when grace note with empty tuplet\n* crash when many broken rhythms after a single grace note\n* access outside the deco array when error in U:\n* crash when !xstem! with no note in the previous voice\n* crash on tuplet without any note/rest\n* crash when grace notes at end of line and voice overlay\n* crash when !trem2! at start of a grace note sequence\n* crash when wrong duration in 2 voice overlays and bad ties\n* crash when accidental without a note at start of line after K: (CVE-2021-32435)\n* array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436)\n* loss of left margin after first page since previous commit\n* no respect of %%leftmargin with -E or -g\n* bad placement of chord symbols when in a music line with only invisible rests\n\nSyntax:\n\n* Accept and remove one or two \u0027%\u0027s at start of all %%beginxxx lines\n\nGeneration:\n\n* Move the CSS from XHTML to SVG\n\nUpdate to 8.14.11:\n\n* fix: error \u0027\u0027staffwidth\u0027 too small\u0027 when generating sample3.abc\n\nUpdate to 8.14.10:\n\n* fix: bad glyph when defined by SVG containing \u0027v\u0027 in\n* fix: bad check of note length since commit 191fa55\n* fix: memory corruption when error in %%staves/%%score\n* fix: crash when too big note duration\n* fix: crash when staff width too small\n\nUpdate to 8.14.9:\n\n* fix: bad natural accidental when %%MIDI temperamentequal\n\nUpdate to 8.14.8:\n\n* fix: no respect the width in %%staffbreak\n* fix: don\u0027t draw a staff when only %%staffbreak inside\n* fix: bad repeat bracket when continued on next line, line starting by a bar\n* fix: bad tuplet bracket again when at end of a voice overlay sequence\n* fix: bad tuplet bracket when at end of a voice overlay sequence\n* handle \u0027%%MIDI temperamentequal \u0027\n* accept \u0027^1\u0027 and \u0027_1\u0027 as microtone accidentals\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-100",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0100-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0100-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ECLDK4M5WWVFFEXTUWXNEHKC3U2NNPCQ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0100-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ECLDK4M5WWVFFEXTUWXNEHKC3U2NNPCQ/"
},
{
"category": "self",
"summary": "SUSE Bug 1197355",
"url": "https://bugzilla.suse.com/1197355"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32434 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32435 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32436 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32436/"
}
],
"title": "Security update for abcm2ps",
"tracking": {
"current_release_date": "2022-03-31T10:01:29Z",
"generator": {
"date": "2022-03-31T10:01:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0100-1",
"initial_release_date": "2022-03-31T10:01:29Z",
"revision_history": [
{
"date": "2022-03-31T10:01:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"product": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"product_id": "abcm2ps-8.14.13-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "abcm2ps-8.14.13-bp153.2.3.1.i586",
"product": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.i586",
"product_id": "abcm2ps-8.14.13-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"product": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"product_id": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "abcm2ps-8.14.13-bp153.2.3.1.s390x",
"product": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.s390x",
"product_id": "abcm2ps-8.14.13-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"product": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"product_id": "abcm2ps-8.14.13-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "abcm2ps-8.14.13-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
},
"product_reference": "abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32434"
}
],
"notes": [
{
"category": "general",
"text": "abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32434",
"url": "https://www.suse.com/security/cve/CVE-2021-32434"
},
{
"category": "external",
"summary": "SUSE Bug 1197355 for CVE-2021-32434",
"url": "https://bugzilla.suse.com/1197355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-31T10:01:29Z",
"details": "moderate"
}
],
"title": "CVE-2021-32434"
},
{
"cve": "CVE-2021-32435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32435"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32435",
"url": "https://www.suse.com/security/cve/CVE-2021-32435"
},
{
"category": "external",
"summary": "SUSE Bug 1197355 for CVE-2021-32435",
"url": "https://bugzilla.suse.com/1197355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-31T10:01:29Z",
"details": "moderate"
}
],
"title": "CVE-2021-32435"
},
{
"cve": "CVE-2021-32436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32436"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32436",
"url": "https://www.suse.com/security/cve/CVE-2021-32436"
},
{
"category": "external",
"summary": "SUSE Bug 1197355 for CVE-2021-32436",
"url": "https://bugzilla.suse.com/1197355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:abcm2ps-8.14.13-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.i586",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:abcm2ps-8.14.13-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-31T10:01:29Z",
"details": "moderate"
}
],
"title": "CVE-2021-32436"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…