Bug#993375: gtkpod: CVE-2021-37231 - stack-buffer overflow in embedded AtomicParsley code, APar_readX

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#993375: gtkpod: CVE-2021-37231 - stack-buffer overflow in embedded AtomicParsley code, APar_readX
From: Neil Williams <codehelp@debian.org>
Date: Tue, 31 Aug 2021 15:19:51 +0100
Message-id: <[🔎] 163041959190.7014.12267647351124817452.reportbug@felix.codehelp>
Reply-to: Neil Williams <codehelp@debian.org>, 993375@bugs.debian.org

Package: gtkpod
Version: 2.1.5-8
Severity: important
Tags: security

gtkpod embeds a vulnerable version of AtomicParsley, however, the data file used to
test atomicparsley upstream is not recognised by gtkpod.

https://github.com/wez/atomicparsley/issues/30

https://sources.debian.org/src/gtkpod/2.1.5-8/libs/atomic-parsley/AP_AtomExtracts.cpp/#L1117

See also #993372

Reply to:

Prev by Date: Bug#993373: Subject: [PATCH 2/2] Fix use-after-free bug in realpath()
Next by Date: Bug#993376: gtkpod: CVE-2021-32732 - stack overflow in embedded AtomicParsley code APar_read64
Previous by thread: Bug#993373: Use-after-free bug in realpath()
Next by thread: Bug#993376: gtkpod: CVE-2021-32732 - stack overflow in embedded AtomicParsley code APar_read64
Index(es):
- Date
- Thread