VDB

GCVE-110-MAGEIA-2021-167

GCVE-110-MAGEIA-2021-167
Advisory Published
Vulnetix · Advisory published April 2, 2021
This update from 4.16.1.2 to 4.16.1.3 fixes bugs several bugs the RPM package manager, including several security issues: * Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421) * Fix signature check bypass with corrupted package (CVE-2021-20271) * Fix missing bounds checks in headerImport() and headerCheck() (CVE-2021-20266) * Fix missing sanity checks on header entry count and region data overlap * Fix access past end of header if the last entry is string type * Fix unsafe headerCopyLoad() still used in codebase

Affected Products

VendorProductVersionsPlatforms
Mageiarawtherapee0 (affected), 5.8-3.1.mga8 (unaffected)
Mageiarpm0 (affected), 4.16.1.3-1.mga8 (unaffected), 0 (affected), 4.16.1.3-1.mga8 (unaffected)

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›