libkdcraw security update

2018-11-15T18:48:45
ID CESA-2018:3065
Type centos
Reporter CentOS Project
Modified 2018-11-15T18:48:45

Description

CentOS Errata and Security Advisory CESA-2018:3065

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

  • LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

  • LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

  • LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)

  • LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)

  • LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005516.html

Affected packages: libkdcraw libkdcraw-devel

Upstream details at: