Описание
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
A heap-based buffer overflow has been discovered in LibRaw, in the way rollei_load_raw() function in internal/dcraw_common.cpp file handles the input image. An attacker could trigger the flaw by providing a specially crafted Rollei RAW Image, which could result in a crash or other unspecified effects.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | LibRaw | Will not fix | ||
| Red Hat Enterprise Linux 8 | LibRaw | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
An error within the "rollei_load_raw()" function (internal/dcraw_commo ...
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
Уязвимость функции rollei_load_raw() компонента internal/dcraw_common.cpp библиотеки для обработки изображений LibRaw, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
5.3 Medium
CVSS3