Description
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libraw | fixed | 0.15.3-1 | | package |
| libraw | no-dsa | | wheezy | package |
| libraw | not-affected | | squeeze | package |
| libkdcraw | fixed | 24.12.0-1 | | package |
| libkdcraw | no-dsa | | wheezy | package |
| darktable | fixed | 1.2.1-2 | | package |
| kdegraphics | removed | | | package |
| kdegraphics | not-affected | | squeeze | package |
Notes
Not suitable for code injection, no security impact for an end-user application like Darktable
https://www.openwall.com/lists/oss-security/2013/05/28/3
https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
Back in 2013, libkdcraw was fixed in 4:4.10.5-2 and later on removed and then
re-introduced in sid without the epoch, so now marking 24.12.0-1 as the first
upload to sid as the new fixed version; current libkdcraw uses the system-wide libraw.
Related vulnerabilities
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information