libraw

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)
Version	0.21.3-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-681	0.18.9-1	0.18.10-1	Critical	Fixed	FS#58393
AVG-410	0.18.4-1	0.18.5-1	High	Fixed
AVG-92	0.16.1-1	0.17.1-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2018-10529	AVG-681	Medium	Yes	Information disclosure	An out-of-bounds read has been found in LibRaw before 0.18.10, in the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp
CVE-2018-10528	AVG-681	Critical	Yes	Arbitrary code execution	A stack-based buffer overflow has been found in LibRaw before 0.18.10, in the utf2char() function in libraw_cxx.cpp.
CVE-2017-14265	AVG-410	High	No	Arbitrary code execution	A stack-based buffer overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3 leading to denial of service or...
CVE-2017-13735	AVG-410	Medium	No	Denial of service	There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2 leading to denial of service.
CVE-2015-8367	AVG-92	Medium	Yes	Incorrect calculation	It was found that phase_one_correct function in libraw does not handle memory object’s initialization correctly, which may have unspecified impact.
CVE-2015-8366	AVG-92	Medium	Yes	Incorrect calculation	It was found that smal_decode_segment function in libraw do not handle index carefully, which may cause index overflow.

Advisories

Date	Advisory	Group	Severity	Type
09 May 2018	ASA-201805-2	AVG-681	Critical	multiple issues
22 Sep 2017	ASA-201709-18	AVG-410	High	multiple issues