Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Moderate Advisory for Scientific Linux 7: SLSA-2018-3065-1 on libkdcraw

Scientific Large Esm H446
* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function
in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw
function in internal/dcraw_common.cpp (CVE-2018-5800)
Synopsis:          Moderate: libkdcraw security update
Advisory ID:       SLSA-2018:3065-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-5800
                   CVE-2018-5801
                   CVE-2018-5802
                   CVE-2018-5805
                   CVE-2018-5806
--* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function
in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw
function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function
src/libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function
internal/dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in
internal/dcraw_common.cpp (CVE-2018-5806)
--SL7
  x86_64
    libkdcraw-4.10.5-5.el7.i686.rpm
    libkdcraw-4.10.5-5.el7.x86_64.rpm
    libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm
    libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm
    libkdcraw-devel-4.10.5-5.el7.i686.rpm
    libkdcraw-devel-4.10.5-5.el7.x86_64.rpm

- Scientific Linux Development Team