Bug #7923

Bug #7922: libraw: multiple issues (CVE-2017-13735, CVE-2017-14265)

[3.7] libraw: multiple issues (CVE-2017-13735, CVE-2017-14265)

Added by Alicha CH about 1 year ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 09/27/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:

Description

CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in
dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

References:

https://github.com/LibRaw/LibRaw/issues/96
https://nvd.nist.gov/vuln/detail/CVE-2017-13735

CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp
in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

References:

https://github.com/LibRaw/LibRaw/issues/99
https://nvd.nist.gov/vuln/detail/CVE-2017-14265

Patch:

https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60

Associated revisions

Revision 484c933a (diff)
Added by Leonardo Arena 12 months ago

main/libraw: security upgrade to 0.18.5 (CVE-2017-13735, CVE-2017-14265)

fixes #7923

History

#1 Updated by Anonymous 12 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 12 months ago

  • Category set to Security
  • Status changed from Resolved to Closed
