Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:0008-1

Опубликовано: 23 мар. 2019
Источник: suse-cvrf

Описание

Security update for libraw

This update for libraw fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
  • CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)
  • CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
libraw-devel-0.18.9-lp150.2.3.1
libraw-devel-static-0.18.9-lp150.2.3.1
libraw-tools-0.18.9-lp150.2.3.1
libraw16-0.18.9-lp150.2.3.1

Ссылки

Описание

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

Затронутые продукты
openSUSE Leap 15.0:libraw-devel-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-devel-static-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-tools-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw16-0.18.9-lp150.2.3.1
Ссылки

Описание

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

Затронутые продукты
openSUSE Leap 15.0:libraw-devel-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-devel-static-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-tools-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw16-0.18.9-lp150.2.3.1
Ссылки

Описание

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

Затронутые продукты
openSUSE Leap 15.0:libraw-devel-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-devel-static-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-tools-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw16-0.18.9-lp150.2.3.1
Ссылки

Описание

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).

Затронутые продукты
openSUSE Leap 15.0:libraw-devel-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-devel-static-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw-tools-0.18.9-lp150.2.3.1
openSUSE Leap 15.0:libraw16-0.18.9-lp150.2.3.1
Ссылки