What Are You Looking For?

Popular Tags

Sign Up
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3433-1                [email protected]
https://www.debian.org/lts/security/                       Guilhem Moulin
May 27, 2023                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libraw
Version        : 0.19.2-2+deb10u3
CVE ID         : CVE-2021-32142 CVE-2023-1729
Debian Bug     : 1031790 1036281

Buffer Overflow vulnerabilities were found in libraw, a raw image
decoder library, which could lead to application crash or privilege
escalation.

CVE-2021-32142

    A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
    gets(char*, int), which could lead to privilege escalation or
    application crash.

CVE-2023-1729

    A heap-buffer-overflow was found in raw2image_ex(int), which may
    lead to application crash by maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version
0.19.2-2+deb10u3.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3433-1: libraw security update

May 27, 2023
Buffer Overflow vulnerabilities were found in libraw, a raw image decoder library, which could lead to application crash or privilege escalation

Summary

CVE-2021-32142

A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
gets(char*, int), which could lead to privilege escalation or
application crash.

CVE-2023-1729

A heap-buffer-overflow was found in raw2image_ex(int), which may
lead to application crash by maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version
0.19.2-2+deb10u3.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : libraw
Version : 0.19.2-2+deb10u3
CVE ID : CVE-2021-32142 CVE-2023-1729
Debian Bug : 1031790 1036281

Related News

Harden Ubuntu Server to Secure Your Container and Other Deployments

Sep 17, 2023

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Sep 17, 2023

Critical PHP Info Disclosure, Code Execution Bugs Fixed

Sep 7, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

News

Advisories

HOWTOs

Features

The Unseen Potential of Wake-on-LAN
Linux Vulnerabilities: The Antidote to This Linux Security Poison
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Navigating Software Scalability: A Practical Guide to Building Scalable Systems with Linux
Unlocking the Secrets of Linux Security: An Expert Analysis

About Us

Powered By

Footer Logo

Feedback