Описание
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libraw | fixed | 0.17.1-1 | package | |
| libraw | fixed | 0.16.0-9+deb8u2 | jessie | package |
| libraw | not-affected | wheezy | package | |
| libraw | not-affected | squeeze | package | |
| dcraw | fixed | 9.28-1 | package | |
| dcraw | no-dsa | stretch | package | |
| dcraw | no-dsa | jessie | package | |
| dcraw | not-affected | wheezy | package | |
| dcraw | not-affected | squeeze | package | |
| kodi | not-affected | package | ||
| darktable | fixed | 2.0.0-1 | package | |
| darktable | not-affected | jessie | package | |
| darktable | not-affected | wheezy | package | |
| darktable | not-affected | squeeze | package | |
| ufraw | fixed | 0.20-4 | package | |
| ufraw | no-dsa | jessie | package | |
| ufraw | not-affected | wheezy | package | |
| ufraw | not-affected | squeeze | package | |
| rawtherapee | fixed | 4.2.1241-2 | package | |
| rawtherapee | fixed | 4.2-1+deb8u2 | jessie | package |
| rawtherapee | not-affected | wheezy | package | |
| rawtherapee | not-affected | squeeze | package | |
| exactimage | fixed | 0.9.1-13 | package | |
| exactimage | fixed | 0.8.9-7+deb8u2 | jessie | package |
| exactimage | not-affected | wheezy | package | |
| exactimage | not-affected | squeeze | package |
Примечания
exactimage: smal_decode_segment inside dcraw.h not dcraw.c
Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
Связанные уязвимости
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.