Description
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Report
Versions of LibRaw shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw because the vulnerable code was introduced in a newer version of LibRaw. CR3 support was not introduced until 0.20-RC1 and the older exif code does not have the same logic.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | dcraw | Not affected | | |
| Red Hat Enterprise Linux 7 | dcraw | Not affected | | |
| Red Hat Enterprise Linux 7 | libkdcraw | Not affected | | |
| Red Hat Enterprise Linux 7 | LibRaw | Not affected | | |
| Red Hat Enterprise Linux 8 | dcraw | Not affected | | |
| Red Hat Enterprise Linux 8 | LibRaw | Not affected | | |
Additional information
Status:
7.5 High
CVSS3