Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:2286-1

Опубликовано: 09 авг. 2018
Источник: suse-cvrf

Описание

Security update for libraw

This update for libraw fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).

  • CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)

  • CVE-2018-5810: Fixed an error within the rollei_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (boo#1103353)

  • CVE-2018-5811: Fixed an error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103359)

  • CVE-2018-5812: Fixed another error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to trigger a NULL pointer dereference. (boo#1103360)

  • CVE-2018-5807: Fixed an error within the samsung_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103361)

Список пакетов

openSUSE Leap 42.3
libraw-0.17.1-23.1
libraw-devel-0.17.1-23.1
libraw-devel-static-0.17.1-23.1
libraw-tools-0.17.1-23.1
libraw15-0.17.1-23.1

Ссылки

Описание

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки

Описание

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки

Описание

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки

Описание

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки

Описание

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки

Описание

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

Затронутые продукты
openSUSE Leap 42.3:libraw-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-0.17.1-23.1
openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1
openSUSE Leap 42.3:libraw-tools-0.17.1-23.1
Ссылки