
SUSE: 2022:1749-1 Moderate: dcraw Denial of Service Issues

May 19, 2022
SUSE has released a new version of dcraw that fixes 11 security issues, including risks related to buffer overflows and denial of service attacks. Immediate action is recommended.
An update that fixes 11 vulnerabilities is now available.

Summary

This update for dcraw fixes the following issues:

- CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622).

References

#1056170 #1063798 #1084690 #1097973 #1097974 #1117436 #1117512 #1117517 #1117622 #1117896 #1189642

Cross-References: CVE-2017-13735 CVE-2017-14608 CVE-2018-19565 CVE-2018-19566 CVE-2018-19567 CVE-2018-19568 CVE-2018-19655 CVE-2018-5801 CVE-2018-5805 CVE-2018-5806 CVE-2021-3624

CVSS scores:

CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2022:1749-1
Rating: moderate
