{"id":"USN-4587-1","summary":"italc vulnerabilities","details":"Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors\nand didn't check malloc return values. A remote attacker could use these issues\nto cause a denial of service or possibly execute arbitrary code.\n(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)\n\nJosef Gajdusek discovered that iTALC had heap-based buffer overflow\nvulnerabilities. A remote attacker could used these issues to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)\n\nIt was discovered that iTALC had an out-of-bounds write, multiple heap\nout-of-bounds writes, an infinite loop, improper initializations, and null\npointer vulnerabilities. A remote attacker could used these issues to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2018-15127,\nCVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,\nCVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,\nCVE-2019-15681)\n","modified":"2026-04-27T15:48:23.814272930Z","published":"2020-10-20T16:35:20Z","related":["UBUNTU-CVE-2014-6051","UBUNTU-CVE-2014-6052","UBUNTU-CVE-2014-6053","UBUNTU-CVE-2014-6054","UBUNTU-CVE-2014-6055","UBUNTU-CVE-2016-9941","UBUNTU-CVE-2016-9942","UBUNTU-CVE-2018-15127","UBUNTU-CVE-2018-20019","UBUNTU-CVE-2018-20020","UBUNTU-CVE-2018-20021","UBUNTU-CVE-2018-20022","UBUNTU-CVE-2018-20023","UBUNTU-CVE-2018-20024","UBUNTU-CVE-2018-20748","UBUNTU-CVE-2018-20749","UBUNTU-CVE-2018-20750","UBUNTU-CVE-2018-7225","UBUNTU-CVE-2019-15681"],"upstream":["CVE-2014-6051","CVE-2014-6052","CVE-2014-6053","CVE-2014-6054","CVE-2014-6055","CVE-2016-9941","CVE-2016-9942","CVE-2018-15127","CVE-2018-20019","CVE-2018-20020","CVE-2018-20021","CVE-2018-20022","CVE-2018-20023","CVE-2018-20024","CVE-2018-20748","CVE-2018-20749","CVE-2018-20750","CVE-2018-7225","CVE-2019-15681","UBUNTU-CVE-2014-6051","UBUNTU-CVE-2014-6052","UBUNTU-CVE-2014-6053","UBUNTU-CVE-2014-6054","UBUNTU-CVE-2014-6055","UBUNTU-CVE-2016-9941","UBUNTU-CVE-2016-9942","UBUNTU-CVE-2018-15127","UBUNTU-CVE-2018-20019","UBUNTU-CVE-2018-20020","UBUNTU-CVE-2018-20021","UBUNTU-CVE-2018-20022","UBUNTU-CVE-2018-20023","UBUNTU-CVE-2018-20024","UBUNTU-CVE-2018-20748","UBUNTU-CVE-2018-20749","UBUNTU-CVE-2018-20750","UBUNTU-CVE-2018-7225","UBUNTU-CVE-2019-15681"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4587-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6051"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6052"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6053"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6054"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6055"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9941"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9942"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7225"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-15127"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20019"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20020"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20021"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20022"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20023"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20024"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20748"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20749"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20750"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15681"}],"affected":[{"package":{"name":"italc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/italc@1:2.0.2+dfsg1-4ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.0.2+dfsg1-4ubuntu0.1"}]}],"versions":["1:2.0.2+dfsg1-3","1:2.0.2+dfsg1-4"],"ecosystem_specific":{"binaries":[{"binary_name":"italc-client","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_name":"italc-management-console","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_name":"italc-master","binary_version":"1:2.0.2+dfsg1-4ubuntu0.1"},{"binary_version":"1:2.0.2+dfsg1-4ubuntu0.1","binary_name":"libitalccore"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6051"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6052"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6053"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6054"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6055"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-9941"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-9942"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7225"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-15127"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20019"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20020"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20021"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20022"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20023"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20024"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20748"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20749"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20750"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-15681"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4587-1.json"}}],"schema_version":"1.7.5"}