github hpjansson/chafa 1.12.1
Chafa 1.12.1

latest releases: 1.14.0, 1.12.5, 1.12.4...
21 months ago

This release fixes one important input validation bug and several instances of undefined behavior revealed by fuzzing.

  • Increased GLib minimum version to 2.20.

  • Added 12 new test inputs, including bad inputs to handle gracefully.

  • Added a few symbols to API documentation that were accidentally left out.

  • Bug fixes:

    • huntr.dev CVE-2022-2061: Out-of-bounds read in libnsgif's lzw_decode() (@sudhackar of CrowdStrike).
    • [unfiled] Undefined behavior in libnsgif due to uninitialized frame fields.
    • [unfiled] Signed integer overflow in chafa_pack_color().
    • [unfiled] Integer overflow in normalization pass on some images.
    • [unfiled] Potential unaligned access with corrupt XWD images.
    • [unfiled] Integer overflow in quantization on some images.
    • [unfiled] Calculating offset from NULL pointer in LodePNG.

Don't miss a new chafa release

NewReleases is sending notifications on new releases.