Description
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed on the victim's system.
There is a flaw in dcraw. An attacker who is able to convince a victim to open a crafted file with dcraw could trigger an unsigned integer wraparound, leading to an out-of-bounds write. The greatest impact from this flaw is to system availability, data integrity, and data confidentiality.
Statement
In Red Hat Enterprise Linux 8 as shipped, the triggering of this flaw does not occur remotely, and requires a user to open a malicious file in a program linked with dcraw or LibRaw, such as GIMP.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | dcraw | Out of support scope | | |
| Red Hat Enterprise Linux 7 | dcraw | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libkdcraw | Out of support scope | | |
| Red Hat Enterprise Linux 7 | LibRaw | Out of support scope | | |
| Red Hat Enterprise Linux 8 | dcraw | Will not fix | | |
| Red Hat Enterprise Linux 8 | LibRaw | Not affected | | |
| Red Hat Enterprise Linux 9 | dcraw | Will not fix | | |
| Red Hat Enterprise Linux 9 | LibRaw | Not affected | | |
Additional information
Status:
7.8 High
CVSS3
Related vulnerabilities
Vulnerability in the foveon_load_camf() function of the dcraw raw converter that allows an attacker to execute arbitrary code
7.8 High
CVSS3