Описание
Security update for libraw
This update for libraw fixes the following issues:
- security update
- added patches
fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow
- libraw-CVE-2020-15503.patch
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libraw-devel-0.15.4-33.1
libraw-devel-static-0.15.4-33.1
libraw9-0.15.4-33.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libraw9-0.15.4-33.1
Ссылки
- Link for SUSE-SU-2020:2028-1
- E-Mail link for SUSE-SU-2020:2028-1
- SUSE Security Ratings
- SUSE Bug 1173674
- SUSE CVE CVE-2020-15503 page
Описание
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libraw-devel-0.15.4-33.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libraw-devel-static-0.15.4-33.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libraw9-0.15.4-33.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libraw9-0.15.4-33.1
Ссылки
- CVE-2020-15503
- SUSE Bug 1173674