FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- Out-of-bounds Read

Affected packages
libraw <= 0.18.4

Details

VuXML ID 02bee9ae-c5d1-409b-8a79-983a88861509
Discovery 2017-09-20
Entry 2017-09-28

libraw developers report:

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

References

CVE Name CVE-2017-14608
URL https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
URL https://github.com/LibRaw/LibRaw/issues/101