
SUSE-SU-2018:3343-1

Published: 23 Oct 2018
Source: suse-cvrf

Description

Security update for libraw

This update for libraw fixes the following issues:

Security issues fixed:

  • CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691).
  • CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690).
  • CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function (bsc#1084688).
  • CVE-2018-5813: Fixed infinite loop in the parse_minolta function (bsc#1103200).
  • CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw (bsc#1103353).

Package list

SUSE Linux Enterprise Desktop 12 SP3
  • libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libraw-devel-0.15.4-21.1
  • libraw-devel-static-0.15.4-21.1
  • libraw9-0.15.4-21.1
SUSE Linux Enterprise Workstation Extension 12 SP3
  • libraw9-0.15.4-21.1

Description

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw9-0.15.4-21.1


Description

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw9-0.15.4-21.1


Description

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw9-0.15.4-21.1


Description

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw9-0.15.4-21.1


Description

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw9-0.15.4-21.1
