FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- multiple DoS vulnerabilities

Affected packages
libraw < 0.18.7

Details

VuXML ID 6f0b0cbf-1274-11e8-8b5b-4ccc6adda413
Discovery 2018-01-16
Entry 2018-02-15

Secunia Research reports:

CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2017-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.

CVE-2017-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

References

CVE Name CVE-2018-5800
CVE Name CVE-2018-5801
CVE Name CVE-2018-5802
URL https://www.securityfocus.com/archive/1/541732