
Debian: DLA-2903-1 Moderate: libraw Code Execution Risks

January 29, 2022
The Debian LTS Advisory DLA-2904-1 highlights multiple vulnerabilities in libxml2, which could potentially lead to code execution and service outages.
Several vulnerabilities have been discovered in libraw that may lead to the execution of arbitrary code, denial of service, or information leaks.

Summary

CVE-2017-13735

There is a floating point exception in the kodak_radc_load_raw
function. It will lead to a remote denial of service attack.

CVE-2017-14265

A stack-based buffer overflow was discovered in the
xtrans_interpolate method. It could allow a remote denial of
service or code execution attack.

CVE-2017-14348

There is a heap-based Buffer Overflow in the
processCanonCameraInfo function.

CVE-2017-14608

An out of bounds read flaw related to kodak_65000_load_raw has
been reported in libraw. An attacker could possibly exploit this
flaw to disclose potentially sensitive memory or cause an
application crash.

CVE-2017-16909

An error related to the "LibRaw::panasonic_load_raw()" function
can be exploited to cause a heap-based buffer overflow and
subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910


Package: libraw
Version: 0.17.2-6+deb9u2
CVE ID: CVE-2017-13735 CVE-2017-14265 CVE-2017-14348
