CVE-2021-36489

NameCVE-2021-36489
DescriptionBuffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1032670

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
allegro4.4 (PTS)jessie2:4.4.2-5vulnerable
stretch2:4.4.2-10vulnerable
buster2:4.4.2-13vulnerable
bullseye2:4.4.3.1-2vulnerable
bookworm2:4.4.3.1-3vulnerable
sid, trixie2:4.4.3.1-5vulnerable
allegro5 (PTS)jessie2:5.0.10-3vulnerable
stretch2:5.2.2-1vulnerable
buster2:5.2.4.0-3vulnerable
bullseye2:5.2.6.0-3+deb11u1fixed
bookworm2:5.2.8.0+dfsg-1fixed
sid, trixie2:5.2.10.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
allegro4.4sourcejessie(unfixed)end-of-life
allegro4.4sourcestretch(unfixed)end-of-life
allegro4.4source(unstable)(unfixed)1032670
allegro5sourcejessie(unfixed)end-of-life
allegro5sourcestretch(unfixed)end-of-life
allegro5sourcebullseye2:5.2.6.0-3+deb11u1
allegro5source(unstable)2:5.2.8.0-1

Notes

[bookworm] - allegro4.4 <ignored> (Minor issue)
[bullseye] - allegro4.4 <no-dsa> (Minor issue)
[buster] - allegro4.4 <no-dsa> (Minor issue)
[buster] - allegro5 <no-dsa> (Minor issue)
https://github.com/liballeg/allegro5/issues/1251
https://github.com/liballeg/allegro5/pull/1253
https://github.com/liballeg/allegro5/commit/3f2dbd494241774d33aaf83910fd05b2a590604a (5.2.8.0)
https://github.com/liballeg/allegro5/commit/cca179bc16827f358153060cd10ac73d394e758c (5.2.8.0)
https://github.com/liballeg/allegro5/commit/a2c93939f6997a96ecac1865dbb4fa3f66b5e1b7 (5.2.8.0)
https://github.com/liballeg/allegro5/commit/0294e28e6135292eab4b2916a7d2223b1bb6843e (5.2.8.0)
In allegro 4.4, code is in src/[pcx|tga].c instead

Search for package or bug name: Reporting problems