CVE-2021-4214

Published: 31 December 2021

potential heap overflow issue

Priority: Medium

Status

Package / Release / Status

chromium-browser
  bionic: Not vulnerable (uses system libpng)
  focal: Not vulnerable (uses system libpng)
  impish: Not vulnerable (uses system libpng)
  jammy: Not vulnerable (uses system libpng)
  trusty: Does not exist
  upstream: Needs triage
  xenial: Not vulnerable (uses system libpng)

firefox
  bionic: Not vulnerable (code not built)
  focal: Not vulnerable (code not built)
  impish: Not vulnerable (code not built)
  jammy: Not vulnerable (code not built)
  trusty: Does not exist
  upstream: Needs triage
  xenial: Not vulnerable (code not built)

libpng
  bionic: Does not exist
  focal: Does not exist
  impish: Does not exist
  jammy: Does not exist
  trusty: Not vulnerable (code not present)
  upstream: Needs triage
  xenial: Not vulnerable (code not present)

libpng1.6
  bionic: Not vulnerable (code not shipped)
  focal: Not vulnerable (code not shipped)
  impish: Not vulnerable (code not shipped)
  jammy: Not vulnerable (code not shipped)
  trusty: Does not exist
  upstream: Needs triage
  xenial: Not vulnerable (code not shipped)

thunderbird
  bionic: Not vulnerable (code not built)
  focal: Not vulnerable (code not built)
  impish: Not vulnerable (code not built)
  jammy: Not vulnerable (code not built)
  trusty: Does not exist
  upstream: Needs triage
  xenial: Not vulnerable (code not built)

Notes

Author: mdeslaur
Note:
The pngimage utility is only used during build to test
well-known inputs. It is not shipped in the resulting binary
packages, so while the vulnerable code exists in the libpng1.6
source package it is not used in an insecure way and is not
present on end-user systems. Marking as not-affected.
Code is not compiled at all in firefox.
