Updated curaengine & blender packages fix security vulnerability
Publication date: 25 Mar 2024Modification date: 25 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-28041
Description
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2022-28041)
References
- https://bugs.mageia.org/show_bug.cgi?id=30366
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SEQGDVH43YW7AG7TRU2CTU5TMIYP27WP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHTD76NDEN77KCPI3XGGK2VVSA25WWEG/
- https://www.blender.org/download/lts/3-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28041
SRPMS
9/core
- curaengine-4.12.1-3.1.mga9
- blender-3.3.16-1.mga9