Description
Security update for libraw
This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2017-13735: A floating point exception in kodak_radc_load_raw could be used by attackers to crash an application that uses libraw (bsc#1060321)
- CVE-2017-14608: An out-of-bounds read in the kodak_65000_load_raw function could be used to cause a crash or an information leak from the libraw library (bsc#1063798)
- CVE-2017-16909: Fix heap-buffer overflow in the LibRaw::panasonic_load_raw() function (bsc#1072385).
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP3
References
- Link for SUSE-SU-2017:3392-1
- E-Mail link for SUSE-SU-2017:3392-1
- SUSE Security Ratings
- SUSE Bug 1060321
- SUSE Bug 1063798
- SUSE Bug 1072385
- SUSE CVE CVE-2017-13735 page
- SUSE CVE CVE-2017-14608 page
- SUSE CVE CVE-2017-16909 page
Description
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Affected products
References
- CVE-2017-13735
- SUSE Bug 1056170
- SUSE Bug 1060321
Description
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Affected products
References
- CVE-2017-14608
- SUSE Bug 1063798
Description
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
Affected products
References
- CVE-2017-16909
- SUSE Bug 1072385