[USN-7198-1] rlottie vulnerabilities
Nico Campuzano
nicolas.campuzano at canonical.com
Fri Jan 10 14:29:19 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7198-1
January 10, 2025
rlottie vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in rlottie.
Software Description:
- rlottie: library for rendering vector based animations and art
Details:
Paolo Giai discovered a series of stack-based overflow vulnerabilities in
the blit and gray_render_cubic functions of a custom fork of the rlottie
library. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2021-31315, CVE-2021-31321)
Paolo Giai discovered a series of type confusion vulnerabilities in the
VDasher constructor and the LOTCompLayerItem::LOTCompLayerItem function
of a custom fork of the rlottie library. An attacker could possibly use
this issue to leak sensitive information. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-31317, CVE-2021-31318)
Paolo Giai discovered an integer overflow vulnerability in the
LOTGradient::populate function of a custom fork of the rlottie library.
An attacker could possibly use this issue to leak sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31319)
Paolo Giai discovered a series of heap buffer overflow vulnerabilities
in the VGradientCache::generateGradientColorTable and
LOTGradient::populate functions of a custom fork of the rlottie library.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250110/a658d489/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x945CCA55E4D641EE.asc
Type: application/pgp-keys
Size: 3171 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250110/a658d489/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250110/a658d489/attachment.sig>
More information about the ubuntu-security-announce
mailing list