dev-libs
The dev-libs category contains various miscellaneous programming libraries.
Packages · Stabilization (0) · Outdated (117) · Pull requests (31) · Bugs (923) · Security (62)
Security Bug Reports
dev-libs/libcroco: multiple vulnerabilities (CVE-2017-{8834,8871})
621258 - Assigned to Gentoo Security
dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)
702930 - Assigned to Gentoo Security
dev-libs/cereal: Multiple vulnerabilities (CVE-2020-{11104,11105})
715538 - Assigned to Gentoo Security
<dev-libs/libsass-3.6.4: multiple vulnerabilities (CVE-2019-18798)
742491 - Assigned to Gentoo Security
dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362)
761412 - Assigned to Gentoo Security
<dev-libs/xerces-c-3.2.5: XML parser contains a use-after-free error triggered during the scanning of external DTDs
770763 - Assigned to Gentoo Security
dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})
799785 - Assigned to Gentoo Security
<dev-libs/botan-2.18.2: ElGamal plaintext recovery (CVE-2021-40529)
811906 - Assigned to Gentoo Security
<dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)
811915 - Assigned to Gentoo Security
<dev-libs/tinyxml-2.6.2-r5: infinite loop (CVE-2021-42260)
817863 - Assigned to Gentoo Security
<dev-libs/libxls-1.6.3: null pointer dereferences
821517 - Assigned to Gentoo Security
<dev-libs/libbpf-0.7.0: multiple vulnerabilities
830368 - Assigned to Gentoo Security
<dev-libs/uriparser-0.9.6: multiple vulnerabilities
830665 - Assigned to Gentoo Security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to Gentoo Security
<dev-libs/oniguruma-6.9.8: oss-fuzz issues fixed
841893 - Assigned to Gentoo Security
<dev-libs/icu-71.1-r1: Heap buffer overflow in V8 Internationalization
843731 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.40: multiple vulnerabilities
845195 - Assigned to Gentoo Security
<dev-libs/botan-2.19.3: OCSP response falsification
881529 - Assigned to Gentoo Security
<dev-libs/capnproto-0.10.4: out-of-bounds read
883777 - Assigned to Gentoo Security
<dev-libs/apr-1.7.2, <dev-libs/apr-util-1.6.3: integer overflow/wraparound in apr_encode (CVE-2022-24963)
893406 - Assigned to Gentoo Security
<dev-libs/libtpms-0.9.6: Out-of-bounds access
898504 - Assigned to Gentoo Security
<dev-libs/confuse-3.3-r2: Heap buffer overflow
901089 - Assigned to Gentoo Security
<dev-libs/log4cxx-1.2.0[odbc]: SQL injection
906115 - Assigned to Gentoo Security
<dev-libs/iniparser-4.1-r1: null pointer dereference
907928 - Assigned to Gentoo Security
<dev-libs/libtommath-1.2.1: Integer overflow
913880 - Assigned to Gentoo Security
dev-libs/zziplib: invalid memory access
918624 - Assigned to Gentoo Security
dev-libs/stb: multiple vulnerabilities
918679 - Assigned to Gentoo Security
dev-libs/crypto++: multiple vulnerabilities
920284 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities
921684 - Assigned to Gentoo Security
dev-libs/modsecurity: WAF bypass
923858 - Assigned to Gentoo Security
<dev-libs/expat-2.6.0 quadratic runtime denial of service
923951 - Assigned to Gentoo Security
<dev-libs/botan-{2.19.4, 3.3.0}: Denial of service via ECC parameters
925147 - Assigned to Gentoo Security
<dev-libs/expat-2.6.2: vulnerable to billion laughs attacks with isolated use of external parsers
926786 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3
930047 - Assigned to Gentoo Security
<dev-libs/uriparser-0.9.8: multiple vulnerabilities
931259 - Assigned to Sebastian Pipping
<dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow
932317 - Assigned to Gentoo Security
<dev-libs/libbson-1.24.4-r1: bson_utf8_validate on some inputs leads to an infinite loop
936109 - Assigned to Gentoo Security
<dev-libs/apr-1.7.5: Unexpected lax shared memory permissions
938542 - Assigned to Gentoo Security
<dev-libs/expat-2.6.3: multiple vulnerabilities
938894 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service
939110 - Assigned to Gentoo Security
<dev-libs/dotconf-1.4.1: Multiple vulnerabilities
939831 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access
941643 - Assigned to Gentoo Security
<dev-libs/expat-2.6.4 - NULL pointer dereference through function XML_ResumeParser
942969 - Assigned to Gentoo Security
<dev-libs/opensc-0.26.0: Multiple vulnerabilities
945083 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: Timing side-channel in ECDSA signature computation
948515 - Assigned to Gentoo Security
<dev-libs/libtasn1-4.20.0: Denial of service
949497 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected
949620 - Assigned to Gentoo Security
<dev-libs/libxslt-1.1.43: Multiple vulnerabilities
951265 - Assigned to Gentoo Security
<dev-libs/expat-2.7.0 can be crashed through long linear chains of entities
951316 - Assigned to Gentoo Security
dev-libs/olm: multiple vulnerabilities
951441 - Assigned to Gentoo Security
dev-libs/xmlrpc-c[-libxml2] uses vulnerable bundle of dev-libs/expat from many years ago
952113 - Assigned to Gentoo Security
<dev-libs/libtpms-0.10.1: Out-of-bound access in HMAC Signing
957795 - Assigned to Gentoo Security
<dev-libs/glib-2.82.1: Buffer overflow in set_connect_msg()
958180 - Assigned to Gentoo Security
<dev-libs/tinyxml2-11.0.0: Problem parsing character encodings
958235 - Assigned to Gentoo Security
<dev-libs/glib-2.82.5: Integer overflow in g_date_time_new_from_iso8601
958287 - Assigned to Gentoo Security
<dev-libs/glib-2.84.2: Buffer underflow via function g_string_insert_unichar
958289 - Assigned to Gentoo Security
<dev-libs/openssl-{3.4.2, 3.5.1}: x509 tool has buggy -addreject option
959654 - Assigned to Gentoo Security
<dev-libs/glib-2.84.4: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()
961874 - Assigned to Gentoo Security
<dev-libs/libxml2-2.13.9: Multiple vulnerabilities
962684 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.46: Out-of-bounds read with attacker-controlled regex pattern
962686 - Assigned to Gentoo Security
<dev-libs/expat-2.7.3: denial of service (large use of heap from small parse input)
962963 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4}: Multiple vulnerabilities
963644 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.