- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2903-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
January 29, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libraw
Version : 0.17.2-6+deb9u2
CVE ID : CVE-2017-13735 CVE-2017-14265 CVE-2017-14348
CVE-2017-14608 CVE-2017-16909 CVE-2017-16910
CVE-2018-5800 CVE-2018-5801 CVE-2018-5802
CVE-2018-5804 CVE-2018-5805 CVE-2018-5806
CVE-2018-5807 CVE-2018-5808 CVE-2018-5810
CVE-2018-5811 CVE-2018-5812 CVE-2018-5813
CVE-2018-5815 CVE-2018-5817 CVE-2018-5818
CVE-2018-5819 CVE-2018-20363 CVE-2018-20364
CVE-2018-20365
Several vulnerabilities have been discovered in libraw that
may lead to the execution of arbitrary code, denial of service, or
information leaks.
CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw
function. It will lead to a remote denial of service attack.
CVE-2017-14265
A Stack-based Buffer Overflow was discovered in xtrans_interpolate
method. It could allow a remote denial of service or code
execution attack.
CVE-2017-14348
There is a heap-based Buffer Overflow in the
processCanonCameraInfo function.
CVE-2017-14608
An out of bounds read flaw related to kodak_65000_load_raw has
been reported in libraw. An attacker could possibly exploit this
flaw to disclose potentially sensitive memory or cause an
application crash.
CVE-2017-16909
An error related to the "LibRaw::panasonic_load_raw()" function
can be exploited to cause a heap-based buffer overflow and
subsequently cause a crash via a specially crafted TIFF image.
xtrans_interpolate method. It could allow a remote denial of
service or code execution attack.
CVE-2017-16910
An error within the "LibRaw::xtrans_interpolate()" function can be
exploited to cause an invalid read memory access and subsequently
a Denial of Service condition.
CVE-2018-5800
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()"
function can be exploited to cause a heap-based buffer overflow
and subsequently cause a crash.
CVE-2018-5801
An error within the "LibRaw::unpack()" function can be exploited
to trigger a NULL pointer dereference.
CVE-2018-5802
An error within the "kodak_radc_load_raw()" function can be
exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5804
A type confusion error within the "identify()" function can be
exploited to trigger a division by zero.
CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function
can be exploited to cause a stack-based buffer overflow and
subsequently cause a crash.
CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function
can be exploited to trigger a NULL pointer dereference.
CVE-2018-5807
An error within the "samsung_load_raw()" function
can be exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5808
An error within the "find_green()" function can be exploited to
cause a stack-based buffer overflow and subsequently execute
arbitrary code.
CVE-2018-5810
An error within the "rollei_load_raw()" function can be exploited
to cause a heap-based buffer overflow and subsequently cause a
crash.
CVE-2018-5811
An error within the "nikon_coolscan_load_raw()" function
can be exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5812
An error within the "nikon_coolscan_load_raw()" function can be
exploited to trigger a NULL pointer dereference.
CVE-2018-5813
An error within the "parse_minolta()" function can be exploited to
trigger an infinite loop via a specially crafted file.
CVE-2018-5815
An integer overflow error within the "parse_qt()" function can be
exploited to trigger an infinite loop via a specially crafted
Apple QuickTime file.
CVE-2018-5817
A type confusion error within the "unpacked_load_raw()" function
can be exploited to trigger an infinite loop.
CVE-2018-5818
An error within the "parse_rollei()" function can be exploited to
trigger an infinite loop.
CVE-2018-5819
An error within the "parse_sinar_ia()" function can be exploited to exhaust available CPU resources.
CVE-2018-20363
LibRaw::raw2image has a NULL pointer dereference.
CVE-2018-20364
LibRaw::copy_bayer has a NULL pointer dereference
CVE-2018-20365
LibRaw::raw2image() has a heap-based buffer overflow.
For Debian 9 stretch, these problems have been fixed in version
0.17.2-6+deb9u2.
We recommend that you upgrade your libraw packages.
For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2903-1: libraw security update
January 29, 2022
Several vulnerabilities have been discovered in libraw that may lead to the execution of arbitrary code, denial of service, or information leaks
Summary
CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw
function. It will lead to a remote denial of service attack.
CVE-2017-14265
A Stack-based Buffer Overflow was discovered in xtrans_interpolate
method. It could allow a remote denial of service or code
execution attack.
CVE-2017-14348
There is a heap-based Buffer Overflow in the
processCanonCameraInfo function.
CVE-2017-14608
An out of bounds read flaw related to kodak_65000_load_raw has
been reported in libraw. An attacker could possibly exploit this
flaw to disclose potentially sensitive memory or cause an
application crash.
CVE-2017-16909
An error related to the "LibRaw::panasonic_load_raw()" function
can be exploited to cause a heap-based buffer overflow and
subsequently cause a crash via a specially crafted TIFF image.
xtrans_interpolate method. It could allow a remote denial of
service or code execution attack.
CVE-2017-16910
An error within the "LibRaw::xtrans_interpolate()" function can be
exploited to cause an invalid read memory access and subsequently
a Denial of Service condition.
CVE-2018-5800
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()"
function can be exploited to cause a heap-based buffer overflow
and subsequently cause a crash.
CVE-2018-5801
An error within the "LibRaw::unpack()" function can be exploited
to trigger a NULL pointer dereference.
CVE-2018-5802
An error within the "kodak_radc_load_raw()" function can be
exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5804
A type confusion error within the "identify()" function can be
exploited to trigger a division by zero.
CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function
can be exploited to cause a stack-based buffer overflow and
subsequently cause a crash.
CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function
can be exploited to trigger a NULL pointer dereference.
CVE-2018-5807
An error within the "samsung_load_raw()" function
can be exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5808
An error within the "find_green()" function can be exploited to
cause a stack-based buffer overflow and subsequently execute
arbitrary code.
CVE-2018-5810
An error within the "rollei_load_raw()" function can be exploited
to cause a heap-based buffer overflow and subsequently cause a
crash.
CVE-2018-5811
An error within the "nikon_coolscan_load_raw()" function
can be exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
CVE-2018-5812
An error within the "nikon_coolscan_load_raw()" function can be
exploited to trigger a NULL pointer dereference.
CVE-2018-5813
An error within the "parse_minolta()" function can be exploited to
trigger an infinite loop via a specially crafted file.
CVE-2018-5815
An integer overflow error within the "parse_qt()" function can be
exploited to trigger an infinite loop via a specially crafted
Apple QuickTime file.
CVE-2018-5817
A type confusion error within the "unpacked_load_raw()" function
can be exploited to trigger an infinite loop.
CVE-2018-5818
An error within the "parse_rollei()" function can be exploited to
trigger an infinite loop.
CVE-2018-5819
An error within the "parse_sinar_ia()" function can be exploited to exhaust available CPU resources.
CVE-2018-20363
LibRaw::raw2image has a NULL pointer dereference.
CVE-2018-20364
LibRaw::copy_bayer has a NULL pointer dereference
CVE-2018-20365
LibRaw::raw2image() has a heap-based buffer overflow.
For Debian 9 stretch, these problems have been fixed in version
0.17.2-6+deb9u2.
We recommend that you upgrade your libraw packages.
For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : libraw
Version : 0.17.2-6+deb9u2
CVE ID : CVE-2017-13735 CVE-2017-14265 CVE-2017-14348
News
HOWTOs
Features
About Us
Powered By
