{"url":"http://public2.vulnerablecode.io/api/packages/380026?format=json","purl":"pkg:nuget/directxtex_uwp@2023.1.31.1","type":"nuget","namespace":"","name":"directxtex_uwp","version":"2023.1.31.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360912?format=json","vulnerability_id":"VCID-b8dg-gf2m-77dk","summary":"Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader\n### Impact\nA memory overwrite bug was reported by a security researcher in the **ConvertToSinglePlane** method via the *texconv* command-line tool when given an invalid height for planar video textures such as NV12. This can be a potential security bug for any clients of the library who follow the same pattern.\n\nThis issue *does not* impact use of the DDS texture loader itself, only when combined with `ConvertToSinglePlane` for converting multi-planar video formats. All other functions in the library fail immediately if given images in planar formats.\n\n### Patches\nThe fix to the specific area as well as general hardening can be found in [this PR](https://github.com/microsoft/DirectXTex/pull/307). This bug has been fixed in the January 31, 2023 or later release of DirectXTex.\n\n### Workarounds\nIf your code makes use of **ConvertToSinglePlane**, you can validate that the width & height alignment requirements are met for the input image before calling the function.","references":[{"reference_url":"https://github.com/microsoft/DirectXTex","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/DirectXTex"},{"reference_url":"https://github.com/microsoft/DirectXTex/pull/307","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/DirectXTex/pull/307"},{"reference_url":"https://github.com/microsoft/DirectXTex/security/advisories/GHSA-3w9w-9833-gcpv","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/DirectXTex/security/advisories/GHSA-3w9w-9833-gcpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380026?format=json","purl":"pkg:nuget/directxtex_uwp@2023.1.31.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/directxtex_uwp@2023.1.31.1"}],"aliases":["GHSA-3w9w-9833-gcpv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8dg-gf2m-77dk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/directxtex_uwp@2023.1.31.1"}