Mageia 8 MGASA-2022-0160 Moderate: dcraw Buffer Over-Read Threat

Mageia
May 6, 2022

Summary

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19565)
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19566)
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19567)
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19568)
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-ba...

References

- https://bugs.mageia.org/show_bug.cgi?id=24107

- https://www.openwall.com/lists/oss-security/2018/11/27/1

- https://www.cve.org/CVERecord?id=CVE-2018-5805

- https://www.cve.org/CVERecord?id=CVE-2018-5806

- https://www.cve.org/CVERecord?id=CVE-2018-19565

- https://www.cve.org/CVERecord?id=CVE-2018-19566

- https://www.cve.org/CVERecord?id=CVE-2018-19567

- https://www.cve.org/CVERecord?id=CVE-2018-19568

- https://www.cve.org/CVERecord?id=CVE-2021-3624

Resolution

SRPMS

- 8/core/dcraw-9.28.0-6.1.mga8

Publication date: 06 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0160.html
Type: security
CVE: CVE-2018-5805, CVE-2018-5806, CVE-2018-19565, CVE-2018-19566, CVE-2018-19567, CVE-2018-19568, CVE-2021-3624
