3.5.0 #10084
Unanswered
akallabeth
asked this question in
Q&A
3.5.0
#10084
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
This release focus is on squashing bugs.
The improved test coverage and ci builds revealed a number of previously
unnoticed issues we have addressed and we also got a report from
Evgeny Legerov of Kaspersky Lab identifying a number of out of bound reads
in decoder components and one very nasty out of bound write.
CVE:
CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment
CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data
CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress
Noteworthy changes:
For a complete and detailed change log since the last release run:
git log 3.5.0...3.4.0
This discussion was created from the release 3.5.0.
Beta Was this translation helpful? Give feedback.
All reactions