Описание
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Отчет
LibRaw as shipped in Red Hat Enterprise Linux 7 and 8 are not affected by this flaw - the flaw seems to be isolated to the specific compiler version used to build LibRaw by the reporter. Versions of g++ and LibRaw as shipped did not exhibit the flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | libkdcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | LibRaw | Not affected | ||
| Red Hat Enterprise Linux 8 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 8 | LibRaw | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.
5.3 Medium
CVSS3