cloudcompare-2.11.3-4.fc38
Automatic update for cloudcompare-2.11.3-4.fc38.
* Thu Aug 25 2022 Miro Hrončok <mhroncok@redhat.com> – 2.11.3-4
– Security fix for CVE-2021-21897
– Fixes: rhbz#2080986
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
In LibRaw, there is an out-of-bounds write vulnerability within the “new_node()” function (librawsrcx3fx3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (librawsrcx3fx3f_utils_patched.cpp) when reading data from an image file.
In LibRaw, an out-of-bounds read vulnerability exists within the “simple_decode_row()” function (librawsrcx3fx3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
