Description
Security update for dcraw
This update for dcraw fixes the following issues:
- CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622).
- CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517).
- CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512).
- CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436).
- CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642).
Non-security fixes:
- Updated to version 9.28.0.
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2022:1749-1
- E-Mail link for SUSE-SU-2022:1749-1
- SUSE Security Ratings
- SUSE Bug 1056170
- SUSE Bug 1063798
- SUSE Bug 1084690
- SUSE Bug 1097973
- SUSE Bug 1097974
- SUSE Bug 1117436
- SUSE Bug 1117512
- SUSE Bug 1117517
- SUSE Bug 1117622
- SUSE Bug 1117896
- SUSE Bug 1189642
- SUSE CVE CVE-2017-13735 page
- SUSE CVE CVE-2017-14608 page
- SUSE CVE CVE-2018-19565 page
- SUSE CVE CVE-2018-19566 page
- SUSE CVE CVE-2018-19567 page
- SUSE CVE CVE-2018-19568 page
Description
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Affected products
References
- CVE-2017-13735
- SUSE Bug 1056170
- SUSE Bug 1060321
Description
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Affected products
References
- CVE-2017-14608
- SUSE Bug 1063798
Description
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Affected products
References
- CVE-2018-19565
- SUSE Bug 1117622
Description
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Affected products
References
- CVE-2018-19566
- SUSE Bug 1117517
Description
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Affected products
References
- CVE-2018-19567
- SUSE Bug 1117512
Description
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Affected products
References
- CVE-2018-19568
- SUSE Bug 1117436
Description
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Affected products
References
- CVE-2018-19655
- SUSE Bug 1117896
Description
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
Affected products
References
- CVE-2018-5801
- SUSE Bug 1084690
Description
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
Affected products
References
- CVE-2018-5805
- SUSE Bug 1097973
Description
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
Affected products
References
- CVE-2018-5806
- SUSE Bug 1097974
Description
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
Affected products
References
- CVE-2021-3624
- SUSE Bug 1189642