VDB

MAGEIA-2018-356

MAGEIA-2018-356 PUBLISHED

This update provides libraw 0.18.13 fixing at least the following security issues: LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcraw_common.cpp:parse_qt() function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple QuickTime file (CVE-2018-5815). LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcraw_common.cpp:identify() function. An attacker could exploit this to cause an divide-by-zero and resultant denial of service via a specially crafted NOKIARAW file (CVE-2018-5816). libraw 0.18.13 adds fixes for: * possible stack overrun while reading zero-sized strings * possible integer overflow

Affected Products

VendorProductVersions
Mageialibraw0, 0.18.13-1.mga6

Timeline

  • Aug 31, 2018 CVE Published
  • Feb 17, 2022 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›