CVE-2018-20549

moderate-risk

Published 2018-12-28

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.

Do I need to act?

0.93% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Libcaca

Ubuntu Linux

Debian Linux

Fedora

Leap

Debian Canonical Fedoraproject Opensuse Libcaca Project

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html

Exploit https://bugzilla.redhat.com/show_bug.cgi?id=1652628

Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

Third Party Advisory https://usn.ubuntu.com/3860-1/

Third Party Advisory https://usn.ubuntu.com/3860-2/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html

Exploit https://bugzilla.redhat.com/show_bug.cgi?id=1652628

Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html

Third Party Advisory https://usn.ubuntu.com/3860-1/

Third Party Advisory https://usn.ubuntu.com/3860-2/

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate