libraw

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)
Version 0.21.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-681 0.18.9-1 0.18.10-1 Critical Fixed FS#58393
AVG-410 0.18.4-1 0.18.5-1 High Fixed
AVG-92 0.16.1-1 0.17.1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-10529 AVG-681 Medium Yes Information disclosure
An out-of-bounds read has been found in LibRaw before 0.18.10, in the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp
CVE-2018-10528 AVG-681 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in LibRaw before 0.18.10, in the utf2char() function in libraw_cxx.cpp.
CVE-2017-14265 AVG-410 High No Arbitrary code execution
A stack-based buffer overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3 leading to denial of service or...
CVE-2017-13735 AVG-410 Medium No Denial of service
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2 leading to denial of service.
CVE-2015-8367 AVG-92 Medium Yes Incorrect calculation
It was found that phase_one_correct function in libraw does not handle memory object’s initialization correctly, which may have unspecified impact.
CVE-2015-8366 AVG-92 Medium Yes Incorrect calculation
It was found that smal_decode_segment function in libraw do not handle index carefully, which may cause index overflow.

Advisories

Date Advisory Group Severity Type
09 May 2018 ASA-201805-2 AVG-681 Critical multiple issues
22 Sep 2017 ASA-201709-18 AVG-410 High multiple issues