FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- multiple DoS vulnerabilities

Affected packages
libraw < 0.18.6

Details

VuXML ID c60804f1-126f-11e8-8b5b-4ccc6adda413
Discovery 2017-12-04
Entry 2018-02-15

Secunia Research reports:

CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) can be exploited to cause an invalid read memory access.

References

CVE Name CVE-2017-16909
CVE Name CVE-2017-16910
URL https://www.securityfocus.com/archive/1/541583