[Debian] CVE: CVE-2022-44638: pixman: an out-of-bounds write

Bug #2020727 reported by Yue Tao
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Zhixiong Chi

Bug Description

CVE-2022-44638: https://nvd.nist.gov/vuln/detail/CVE-2022-44638

Base Score: High

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

References:

['libpixman-1-0_0.40.0-1_amd64.deb===>libpixman-1-0_0.40.0-1.1~deb11u1_amd64.deb', 'libpixman-1-dev_0.40.0-1_amd64.deb===>libpixman-1-dev_0.40.0-1.1~deb11u1_amd64.deb']

https://www.debian.org/security/2022/dsa-5276

Tags: stx.9.0

Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0
Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884587

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884587
Committed: https://opendev.org/starlingx/tools/commit/b1497f4be196385a96a14d22e28586c896213602
Submitter: "Zuul (22348)"
Branch: master

commit b1497f4be196385a96a14d22e28586c896213602
Author: Zhixiong Chi <email address hidden>
Date: Thu May 25 17:22:50 2023 +0800

    pixman: fix CVE-2022-44638

    Upgrade libpixman and libpixman-dev to 0.40.0-1.1~deb11u1

    Refer to:
    https://www.debian.org/security/2022/dsa-5276

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean
    Pass: build-image
    Pass: Jenkins Installation
    PASS: dpkg -l |grep pixman
    ii libpixman-1-0:amd64 0.40.0-1.1~deb11u1

    Closes-Bug: 2020727

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: I702e9579370f2e7f866be0e1e2ad6b9c098e8789

Changed in starlingx:
status: In Progress → Fix Released
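
Added example, not part of the bug report or the StarlingX tooling: a check that installed libpixman packages are at or above the fixed version 0.40.0-1.1~deb11u1, using Debian's version ordering, in which "~" sorts below everything, so a plain string comparison gives the wrong answer. The function names are assumptions, and the second sample line is constructed from the pre-fix version listed in the report.

```python
import re
from itertools import zip_longest

FIXED = "0.40.0-1.1~deb11u1"  # fixed version named in the bug report
# Constructed sample in the three-column shape of the commit's `dpkg -l` line.
SAMPLE = ["ii libpixman-1-0:amd64 0.40.0-1.1~deb11u1", "ii libpixman-1-dev:amd64 0.40.0-1"]

def _order(c):
    """dpkg character weight: '~' sorts below everything, even end of string."""
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string as alternating text and number runs."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision]; epoch ends at the first ':'."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(lines):
    """Map each installed libpixman package to True if its version is >= FIXED."""
    result = {}
    for fields in map(str.split, lines):
        if len(fields) >= 3 and fields[0] == "ii" and fields[1].startswith("libpixman-1-"):
            result[fields[1]] = compare(fields[2], FIXED) >= 0
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a Debian host, `dpkg --compare-versions` applies the same ordering.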
This report contains Public Security information  
Everyone can see this security related information.