MGASA-2022-0160

Source
https://advisories.mageia.org/MGASA-2022-0160.html
Import Source
https://advisories.mageia.org/MGASA-2022-0160.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2022-0160
Published
2022-05-06T20:16:39Z
Modified
2022-05-06T19:27:30Z
Summary
Updated dcraw packages fix security vulnerability
Details

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19565)

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19566)

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19567)

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19568)

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. (CVE-2018-5805)

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. (CVE-2021-3624)


Affected packages

Mageia:8 / dcraw

Package

Name
dcraw
Purl
pkg:rpm/mageia/dcraw?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.28.0-6.1.mga8

Ecosystem specific

{
    "section": "core"
}