ASA-202011-20 log original external raw

[ASA-202011-20] raptor: arbitrary code execution
Arch Linux Security Advisory ASA-202011-20 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2017-18926 CVE-2020-25713 Package : raptor Type : arbitrary code execution Remote : No Link : Summary ======= The package raptor before version 2.0.15-14 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.0.15-14. # pacman -Syu "raptor>=2.0.15-14" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== - CVE-2017-18926 (arbitrary code execution) raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). - CVE-2020-25713 (arbitrary code execution) A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. Impact ====== A maliciously crafted RDF file can crash the application or execute arbitrary code. References ==========