MGASA-2017-0137

Source
https://advisories.mageia.org/MGASA-2017-0137.html
Import Source
https://advisories.mageia.org/MGASA-2017-0137.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0137
Related
Published
2017-05-10T20:47:44Z
Modified
2017-05-10T20:29:20Z
Summary
Updated feh package fixes security vulnerability
Details

Updated feh package to fix a double-free/OOB-write in E17 IPC. This was a potential security issue as a malicious X11 app running alongside feh and pretending to be an E17 window manager could have had access to out-of-bound memory. Security vulnerability: CVE-2017-7875

References
Credits

Affected packages

Mageia:5 / feh

Package

Name
feh
Purl
pkg:rpm/mageia/feh?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.18.3-1.mga5

Ecosystem specific

{
    "section": "core"
}