{"id":"MGASA-2021-0549","summary":"Updated curaengine packages fix security vulnerability","details":"Buffer overflow vulnerability in function stbi__extend_receive in\nstb_image.h in stb 2.26 via a crafted JPEG file. (CVE-2021-28021)\n\nAn issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR\nloader parsed truncated end-of-file RLE scanlines as an infinite sequence\nof zero-length runs. An attacker could potentially have caused denial of\nservice in applications using stb_image by submitting crafted HDR files.\n(CVE-2021-42715)\n\nAn issue was discovered in stb stb_image.h 2.27. The PNM loader\nincorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA,\nleading to a buffer overflow when later reinterpreting the result as a\n16-bit buffer. An attacker could potentially have crashed a service using\nstb_image, or read up to 1024 bytes of non-consecutive heap data without\ncontrol over the read location. (CVE-2021-42716)\n","modified":"2026-04-16T00:09:16.510243824Z","published":"2021-12-10T22:19:07Z","upstream":["CVE-2021-28021","CVE-2021-42715","CVE-2021-42716"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0549.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29622"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/"}],"affected":[{"package":{"name":"curaengine","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/curaengine?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.8.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0549.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}