Описание
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
A flaw was found in LibRaw. A remote attacker could exploit this vulnerability by manipulating the 'bits[]' argument within the 'HuffTable::initval' function of the JPEG DHT Parser component. This manipulation leads to an out-of-bounds write, which can result in a Denial of Service (DoS) condition, making the affected system or application unavailable. An exploit for this vulnerability has been made public.
Отчет
This Moderate impact flaw in LibRaw's JPEG DHT Parser could lead to a Denial of Service. A remote attacker could trigger an out-of-bounds write by providing a specially crafted JPEG image to an application utilizing LibRaw. This vulnerability affects Red Hat Enterprise Linux versions that include LibRaw.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libraw1394 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | LibRaw | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libraw1394 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | LibRaw | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libraw1394 | Fix deferred | ||
| Red Hat Enterprise Linux 9 | LibRaw | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
A weakness has been identified in LibRaw up to 0.22.0. This impacts th ...
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
EPSS
6.5 Medium
CVSS3