Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0731-1

Опубликовано: 18 мар. 2018
Источник: suse-cvrf

Описание

Security update for libraw

This update for libraw fixes the following issues:

  • CVE-2018-5800: Specially crafted RAW files may have caused an application crash via a heap-based buffer overflow (boo#1084690)
  • CVE-2018-5801: Specially crafted RAW files may have been used to trigger a NULL pointer de-reference (boo#1084691)
  • CVE-2018-5802: Specially crafted RAW files may have caused an application crash via a heap-based buffer overflow (boo#1084688)

Список пакетов

openSUSE Leap 42.3
libraw-0.17.1-17.1
libraw-devel-0.17.1-17.1
libraw-devel-static-0.17.1-17.1
libraw-tools-0.17.1-17.1
libraw15-0.17.1-17.1

Ссылки

Описание

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-17.1
openSUSE Leap 42.3:libraw-tools-0.17.1-17.1
Ссылки

Описание

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-17.1
openSUSE Leap 42.3:libraw-tools-0.17.1-17.1
Ссылки

Описание

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-0.17.1-17.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-17.1
openSUSE Leap 42.3:libraw-tools-0.17.1-17.1
Ссылки
Уязвимость openSUSE-SU-2018:0731-1