AVG-92 log
| Package | libraw |
| Status | Fixed |
| Severity | Medium |
| Type | incorrect calculation |
| Affected | 0.16.1-1 |
| Fixed | 0.17.1-1 |
| Current | 0.21.3-1 [extra] |
| Ticket | None |
| Created | Sat Dec 3 22:13:33 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2015-8367 | Medium | Yes | Incorrect calculation | It was found that phase_one_correct function in libraw does not handle memory object’s initialization correctly, which may have unspecified impact. |
| CVE-2015-8366 | Medium | Yes | Incorrect calculation | It was found that smal_decode_segment function in libraw do not handle index carefully, which may cause index overflow. |