[3.6] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910)
An error within the “LibRaw::xtrans_interpolate()” function
(internal/dcraw_common.cpp) can be exploited to cause an
invalid read memory access and subsequently cause a crash via a
specially crafted TIFF image.
Fixed In Version:
LibRaw 0.18.6
References:
https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910
Patch:
https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
(from redmine: issue id 8340, created on 2017-12-21, closed on 2018-02-20)
- Relations:
- parent #8337 (closed)
- Changesets:
- Revision 7ad00f09 by Natanael Copa on 2018-02-20T13:55:17Z:
main/libraw: security upgrade to 0.18.6 (CVE-2017-16910)
fixes #8340