MGASA-2018-0356
- Source
- https://advisories.mageia.org/MGASA-2018-0356.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0356.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0356
- Related
- Published
- 2018-08-31T21:11:59Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated libraw packages fix security vulnerabilities
- Details
-
This update provides libraw 0.18.13 fixing at least the following security issues:
LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcrawcommon.cpp:parseqt() function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple QuickTime file (CVE-2018-5815).
LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcraw_common.cpp:identify() function. An attacker could exploit this to cause an divide-by-zero and resultant denial of service via a specially crafted NOKIARAW file (CVE-2018-5816).
libraw 0.18.13 adds fixes for: * possible stack overrun while reading zero-sized strings * possible integer overflow
- References
-
- https://advisories.mageia.org/MGASA-2018-0356.html
- https://bugs.mageia.org/show_bug.cgi?id=23186
- https://bugzilla.suse.com/show_bug.cgi?id=1103206
- https://bugzilla.redhat.com/show_bug.cgi?id=1610156
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAILUJLX73GTMC4BTJPFRXMDQIFLWFMV/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / libraw
Package
- Name
- libraw
- Purl
- pkg:rpm/mageia/libraw?distro=mageia-6