Описание
Security update for libraw
This update for libraw fixes the following issues:
- CVE-2017-6890: A boundary error within the 'foveon_load_camf()' function was fixed. [boo#1039209]
- CVE-2017-6889: An integer overflow error within the 'foveon_load_camf()' function was fixed. [boo#1039210]
- CVE-2017-6887: A memory corruption via e.g. a specially crafted KDC file parse_tiff_ifd() was fixed. [boo#1039379]
- CVE-2017-6886: A memory corruption in parse_tiff_ifd() function was fixed. [boo#1039380]
Список пакетов
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:1460-1
- SUSE Security Ratings
Описание
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
Затронутые продукты
Ссылки
- CVE-2017-6886
- SUSE Bug 1039380
Описание
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.
Затронутые продукты
Ссылки
- CVE-2017-6887
- SUSE Bug 1039379
Описание
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-6889
- SUSE Bug 1039210
Описание
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-6890
- SUSE Bug 1039209