Subject: [ASA-202011-20] raptor: arbitrary code execution Arch Linux Security Advisory ASA-202011-20 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2017-18926 CVE-2020-25713 Package : raptor Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1283 Summary ======= The package raptor before version 2.0.15-14 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.0.15-14. # pacman -Syu "raptor>=2.0.15-14" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== - CVE-2017-18926 (arbitrary code execution) raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). - CVE-2020-25713 (arbitrary code execution) A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. Impact ====== A maliciously crafted RDF file can crash the application or execute arbitrary code. References ========== https://bugs.archlinux.org/task/68613 https://www.openwall.com/lists/oss-security/2017/06/07/1 http://bugs.librdf.org/mantis/view.php?id=617 http://bugs.librdf.org/mantis/view.php?id=618 https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f https://bugs.librdf.org/mantis/view.php?id=650 https://bugs.librdf.org/mantis/file_download.php?file_id=348&type=bug https://security.archlinux.org/CVE-2017-18926 https://security.archlinux.org/CVE-2020-25713