Libcaca
CVE-2018-20549
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
AnalysisAI
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Affected products include: Libcaca Project Libcaca, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Ra
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Ra
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp dat
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the defau
A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attac
A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attac
A flaw was found in libcaca v0.99.beta19. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. P
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Ser
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. Rated medium se
libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today