-------------------------------------------------------------------------
Debian LTS Advisory DLA-2903-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
January 29, 2022                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libraw
Version        : 0.17.2-6+deb9u2
CVE ID         : CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 
                 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 
                 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 
                 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 
                 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 
                 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 
                 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 
                 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 
                 CVE-2018-20365 

Several vulnerabilities have been discovered in libraw that
may lead to the execution of arbitrary code, denial of service, or 
information leaks.

CVE-2017-13735

    There is a floating point exception in the kodak_radc_load_raw 
    function. It will lead to a remote denial of service attack.

CVE-2017-14265

    A stack-based buffer overflow was discovered in the
    xtrans_interpolate method. It could allow a remote denial of
    service or code execution attack.

CVE-2017-14348

    There is a heap-based buffer overflow in the
    processCanonCameraInfo function.

CVE-2017-14608

    An out of bounds read flaw related to kodak_65000_load_raw has 
    been reported in libraw. An attacker could possibly exploit this 
    flaw to disclose potentially sensitive memory or cause an 
    application crash.

CVE-2017-16909

    An error related to the "LibRaw::panasonic_load_raw()" function 
    can be exploited to cause a heap-based buffer overflow and 
    subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910

    An error within the "LibRaw::xtrans_interpolate()" function can be 
    exploited to cause an invalid read memory access and subsequently 
    a Denial of Service condition.

CVE-2018-5800

    An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" 
    function can be exploited to cause a heap-based buffer overflow 
    and subsequently cause a crash.

CVE-2018-5801

    An error within the "LibRaw::unpack()" function can be exploited 
    to trigger a NULL pointer dereference.

CVE-2018-5802

    An error within the "kodak_radc_load_raw()" function can be 
    exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5804

    A type confusion error within the "identify()" function can be 
    exploited to trigger a division by zero.

CVE-2018-5805

    A boundary error within the "quicktake_100_load_raw()" function 
    can be exploited to cause a stack-based buffer overflow and 
    subsequently cause a crash.

CVE-2018-5806

    An error within the "leaf_hdr_load_raw()" function 
    can be exploited to trigger a NULL pointer dereference.

CVE-2018-5807

    An error within the "samsung_load_raw()" function 
    can be exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5808

    An error within the "find_green()" function can be exploited to 
    cause a stack-based buffer overflow and subsequently execute 
    arbitrary code.

CVE-2018-5810

    An error within the "rollei_load_raw()" function can be exploited 
    to cause a heap-based buffer overflow and subsequently cause a 
    crash.

CVE-2018-5811

    An error within the "nikon_coolscan_load_raw()" function 
    can be exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5812

    An error within the "nikon_coolscan_load_raw()" function can be 
    exploited to trigger a NULL pointer dereference.

CVE-2018-5813

    An error within the "parse_minolta()" function can be exploited to 
    trigger an infinite loop via a specially crafted file.

CVE-2018-5815

    An integer overflow error within the "parse_qt()" function can be 
    exploited to trigger an infinite loop via a specially crafted 
    Apple QuickTime file.

CVE-2018-5817

    A type confusion error within the "unpacked_load_raw()" function 
    can be exploited to trigger an infinite loop.

CVE-2018-5818

    An error within the "parse_rollei()" function can be exploited to 
    trigger an infinite loop.

CVE-2018-5819

    An error within the "parse_sinar_ia()" function can be exploited
    to exhaust available CPU resources.

CVE-2018-20363

    LibRaw::raw2image has a NULL pointer dereference.

CVE-2018-20364

    LibRaw::copy_bayer has a NULL pointer dereference.

CVE-2018-20365

    LibRaw::raw2image() has a heap-based buffer overflow.

For Debian 9 stretch, these problems have been fixed in version
0.17.2-6+deb9u2.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
