MGASA-2017-0357
- Source
- https://advisories.mageia.org/MGASA-2017-0357.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0357.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0357
- Related
- Published
- 2017-10-05T20:08:40Z
- Modified
- 2017-10-05T19:44:41Z
- Summary
- Updated libraw packages fix security vulnerabilities
- Details
-
There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. (CVE-2017-13735)
A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. (CVE-2017-14265)
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. (CVE-2017-14348)
- References
-
- https://advisories.mageia.org/MGASA-2017-0357.html
- https://bugs.mageia.org/show_bug.cgi?id=21716
- https://lists.opensuse.org/opensuse-updates/2017-09/msg00099.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4OTWHVODHFROYHMCNRUAZHNZDBH7YSPO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OPKCTEX7MK4ILYKIBQBK3VBM5U5CRJKK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TVI7PQ5NTNFOL4EQTLNZOPGCDLKJKXST/
- https://www.libraw.org/news/libraw-0-18-4
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / libraw
Package
- Name
- libraw
- Purl
- pkg:rpm/mageia/libraw?distro=mageia-5
Mageia:6 / libraw
Package
- Name
- libraw
- Purl
- pkg:rpm/mageia/libraw?distro=mageia-6