Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 10 DLA-3433-1 Moderate: Libraw Buffer Overflow Risk

debian lts
Calendar Grey May 27, 2023
Dist Debian Esm H88
Enhance libraw to mitigate buffer overflow risks in Debian LTS, safeguarding against program malfunctions and unauthorized access escalation.
Buffer Overflow vulnerabilities were found in libraw, a raw image decoder library, which could lead to application crash or privilege escalation

Summary

CVE-2021-32142

A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
gets(char*, int), which could lead to privilege escalation or
application crash.

CVE-2023-1729

A heap-buffer-overflow was found in raw2image_ex(int), which may
lead to application crash by maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version
0.19.2-2+deb10u3.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Package: libraw
Version: 0.19.2-2+deb10u3
CVE ID: CVE-2021-32142 CVE-2023-1729
Debian Bug: 1031790 1036281

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.