SB2026052681 - Fedora 45 update for libcaca



Published: May 26, 2026

Security Bulletin ID SB2026052681
CSH Severity High
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Heap-based buffer overflow (CVE-ID: CVE-2026-42046)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow caused by integer overflow in the canvas import functions when parsing a crafted file in the "caca" format. A remote attacker can supply a specially crafted file to execute arbitrary code.

User interaction is required to open or import the crafted file, and the impact may depend on the build configuration and memory allocator.
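
The bug class described above (an integer overflow in a size calculation that leads to an undersized heap buffer), shown as an added illustration; this is not libcaca's code and not part of the original bulletin. The cell size, the size limit, the function names and the sample dimensions are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CELL_BYTES 8u                          /* assumed: 32-bit char + 32-bit attribute */
#define MAX_CANVAS_BYTES (64u * 1024u * 1024u) /* assumed sanity limit for one canvas */

/* Unchecked pattern: the product is computed in 32 bits and wraps silently,
 * so the byte count can be far smaller than width * height cells need. */
uint32_t unchecked_size(uint32_t width, uint32_t height)
{
    return width * height * CELL_BYTES;
}

/* Checked pattern: returns the byte count, or 0 when the dimensions are
 * empty, would overflow size_t, or exceed the sanity limit. */
size_t checked_size(uint32_t width, uint32_t height)
{
    size_t cells;

    if (width == 0 || height == 0)
        return 0;
    if (width > SIZE_MAX / height)          /* width * height would wrap */
        return 0;
    cells = (size_t)width * height;
    if (cells > MAX_CANVAS_BYTES / CELL_BYTES)
        return 0;
    return cells * CELL_BYTES;
}

/* Importer-side allocation: validate file-supplied dimensions first. */
void *alloc_canvas(uint32_t width, uint32_t height)
{
    size_t bytes = checked_size(width, height);
    return bytes ? calloc(1, bytes) : NULL;
}

int main(void)
{
    uint32_t w = 0x20000001u, h = 1u;       /* constructed header values */

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h));
    printf("checked:   %zu bytes (0 = rejected)\n", checked_size(w, h));
    printf("80x25:     %zu bytes\n", checked_size(80, 25));
    return 0;
}
```

A loop that later writes `width * height` cells into a buffer sized by the unchecked result runs past the end of the allocation, which is why the dimensions must be validated before `malloc`/`calloc` is called.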


Remediation

Install the update from the vendor's website.