Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-20545
CVE-2019-20545:
NixOS vulnerability analysis and mitigation
Overview
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data (CVE Details).
Technical details
The vulnerability affects libcaca version 0.99.beta19 and has a CVSS 3.1 Base Score of 8.8 (High). The attack vector is Network-based, with low attack complexity, requiring no privileges but user interaction. The scope is unchanged, with high impact on confidentiality, integrity, and availability (Ubuntu Security).
Impact
The vulnerability can lead to unauthorized write memory access, potentially allowing attackers to execute arbitrary code or cause system crashes. The impact is rated high for confidentiality, integrity, and availability, indicating significant potential damage to affected systems (Ubuntu Security).
Mitigation and workarounds
The vulnerability has been fixed in multiple distributions including Ubuntu (versions 18.10, 18.04 LTS, 16.04 LTS, and 14.04 LTS) and Fedora. A patch was implemented through commit 3e52dabe3e64dc50f4422effe364a1457a8a8592 in the libcaca repository (Ubuntu Security, CVE Details).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management