MGASA-2017-0359
- Source
- https://advisories.mageia.org/MGASA-2017-0359.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0359.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0359
- Related
- Published
- 2017-10-05T20:37:56Z
- Modified
- 2017-10-05T20:15:44Z
- Summary
- Updated rawtherapee packages fix security vulnerabilities
- Details
-
It was discovered that rawtherapee had a floating point exception in the kodakradcload_raw function in dcraw.cc (CVE-2017-13735).
It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c (CVE-2017-14348).
It was discovered that rawtherapee had a Stack Buffer Overflow in xtrans_interpolate in dcraw.c that could allow a remote denial of service and code execution attack (CVE-2017-14265).
- References
-
- https://advisories.mageia.org/MGASA-2017-0359.html
- https://bugs.mageia.org/show_bug.cgi?id=21755
- https://github.com/Beep6581/RawTherapee/issues/4061
- https://github.com/Beep6581/RawTherapee/issues/4084
- https://github.com/LibRaw/LibRaw/issues/99
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TVI7PQ5NTNFOL4EQTLNZOPGCDLKJKXST/
- https://www.libraw.org/news/libraw-0-18-4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / rawtherapee
Package
- Name
- rawtherapee
- Purl
- pkg:rpm/mageia/rawtherapee?distro=mageia-6
Mageia:5 / rawtherapee
Package
- Name
- rawtherapee
- Purl
- pkg:rpm/mageia/rawtherapee?distro=mageia-5