- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2903-1                [email protected]
https://www.debian.org/lts/security/                          Abhijith PA
January 29, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libraw
Version        : 0.17.2-6+deb9u2
CVE ID         : CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 
                 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 
                 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 
                 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 
                 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 
                 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 
                 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 
                 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 
                 CVE-2018-20365 

Several vulnerabilities have been discovered in libraw that
may lead to the execution of arbitrary code, denial of service, or 
information leaks.

CVE-2017-13735

    There is a floating point exception in the kodak_radc_load_raw 
    function. It will lead to a remote denial of service attack.

CVE-2017-14265

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate 
    method. It could allow a remote denial of service or code 
    execution attack.

CVE-2017-14348

    There is a heap-based Buffer Overflow in the  
    processCanonCameraInfo function.

CVE-2017-14608

    An out of bounds read flaw related to kodak_65000_load_raw has 
    been reported in libraw. An attacker could possibly exploit this 
    flaw to disclose potentially sensitive memory or cause an 
    application crash.

CVE-2017-16909

    An error related to the "LibRaw::panasonic_load_raw()" function 
    can be exploited to cause a heap-based buffer overflow and 
    subsequently cause a crash via a specially crafted TIFF image. 
    xtrans_interpolate method. It could allow a remote denial of 
    service or code execution attack.

CVE-2017-16910

    An error within the "LibRaw::xtrans_interpolate()" function can be 
    exploited to cause an invalid read memory access and subsequently 
    a Denial of Service condition.

CVE-2018-5800

    An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" 
    function can be exploited to cause a heap-based buffer overflow 
    and subsequently cause a crash.

CVE-2018-5801

    An error within the "LibRaw::unpack()" function can be exploited 
    to trigger a NULL pointer dereference.

CVE-2018-5802

    An error within the "kodak_radc_load_raw()" function can be 
    exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5804

    A type confusion error within the "identify()" function can be 
    exploited to trigger a division by zero.

CVE-2018-5805

    A boundary error within the "quicktake_100_load_raw()" function 
    can be exploited to cause a stack-based buffer overflow and 
    subsequently cause a crash.

CVE-2018-5806

    An error within the "leaf_hdr_load_raw()" function 
    can be exploited to trigger a NULL pointer dereference.

CVE-2018-5807

    An error within the "samsung_load_raw()" function 
    can be exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5808

    An error within the "find_green()" function can be exploited to 
    cause a stack-based buffer overflow and subsequently execute 
    arbitrary code.

CVE-2018-5810

    An error within the "rollei_load_raw()" function can be exploited 
    to cause a heap-based buffer overflow and subsequently cause a 
    crash.

CVE-2018-5811

    An error within the "nikon_coolscan_load_raw()" function 
    can be exploited to cause an out-of-bounds read memory access and 
    subsequently cause a crash.

CVE-2018-5812

    An error within the "nikon_coolscan_load_raw()" function can be 
    exploited to trigger a NULL pointer dereference.

CVE-2018-5813

    An error within the "parse_minolta()" function can be exploited to 
    trigger an infinite loop via a specially crafted file.

CVE-2018-5815

    An integer overflow error within the "parse_qt()" function can be 
    exploited to trigger an infinite loop via a specially crafted 
    Apple QuickTime file.

CVE-2018-5817

    A type confusion error within the "unpacked_load_raw()" function 
    can be exploited to trigger an infinite loop.

CVE-2018-5818

    An error within the "parse_rollei()" function can be exploited to 
    trigger an infinite loop.

CVE-2018-5819

    An error within the "parse_sinar_ia()" function can be exploited to exhaust available CPU resources.

CVE-2018-20363

    LibRaw::raw2image has a NULL pointer dereference.

CVE-2018-20364

    LibRaw::copy_bayer has a NULL pointer dereference

CVE-2018-20365

    LibRaw::raw2image() has a heap-based buffer overflow.

For Debian 9 stretch, these problems have been fixed in version
0.17.2-6+deb9u2.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS