Lucene search

DebianDEBIAN:DLA-2903-1:D809F

HistoryJan 29, 2022 - 1:18 p.m.

[SECURITY] [DLA 2903-1] libraw security update

2022-01-2913:18:14

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.5%

JSON

Debian LTS Advisory DLA-2903-1 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
January 29, 2022 https://wiki.debian.org/LTS

Package : libraw
Version : 0.17.2-6+deb9u2
CVE ID : CVE-2017-13735 CVE-2017-14265 CVE-2017-14348
CVE-2017-14608 CVE-2017-16909 CVE-2017-16910
CVE-2018-5800 CVE-2018-5801 CVE-2018-5802
CVE-2018-5804 CVE-2018-5805 CVE-2018-5806
CVE-2018-5807 CVE-2018-5808 CVE-2018-5810
CVE-2018-5811 CVE-2018-5812 CVE-2018-5813
CVE-2018-5815 CVE-2018-5817 CVE-2018-5818
CVE-2018-5819 CVE-2018-20363 CVE-2018-20364
CVE-2018-20365

Several vulnerabilities have been discovered in libraw that
may lead to the execution of arbitrary code, denial of service, or
information leaks.

CVE-2017-13735

There is a floating point exception in the kodak_radc_load_raw 
function. It will lead to a remote denial of service attack.

CVE-2017-14265

A Stack-based Buffer Overflow was discovered in xtrans_interpolate 
method. It could allow a remote denial of service or code 
execution attack.

CVE-2017-14348

There is a heap-based Buffer Overflow in the  
processCanonCameraInfo function.

CVE-2017-14608

An out of bounds read flaw related to kodak_65000_load_raw has 
been reported in libraw. An attacker could possibly exploit this 
flaw to disclose potentially sensitive memory or cause an 
application crash.

CVE-2017-16909

An error related to the &quot;LibRaw::panasonic_load_raw()&quot; function 
can be exploited to cause a heap-based buffer overflow and 
subsequently cause a crash via a specially crafted TIFF image. 
xtrans_interpolate method. It could allow a remote denial of 
service or code execution attack.

CVE-2017-16910

An error within the &quot;LibRaw::xtrans_interpolate()&quot; function can be 
exploited to cause an invalid read memory access and subsequently 
a Denial of Service condition.

CVE-2018-5800

An off-by-one error within the &quot;LibRaw::kodak_ycbcr_load_raw()&quot; 
function can be exploited to cause a heap-based buffer overflow 
and subsequently cause a crash.

CVE-2018-5801

An error within the &quot;LibRaw::unpack()&quot; function can be exploited 
to trigger a NULL pointer dereference.

CVE-2018-5802

An error within the &quot;kodak_radc_load_raw()&quot; function can be 
exploited to cause an out-of-bounds read memory access and 
subsequently cause a crash.

CVE-2018-5804

A type confusion error within the &quot;identify()&quot; function can be 
exploited to trigger a division by zero.

CVE-2018-5805

A boundary error within the &quot;quicktake_100_load_raw()&quot; function 
can be exploited to cause a stack-based buffer overflow and 
subsequently cause a crash.

CVE-2018-5806

An error within the &quot;leaf_hdr_load_raw()&quot; function 
can be exploited to trigger a NULL pointer dereference.

CVE-2018-5807

An error within the &quot;samsung_load_raw()&quot; function 
can be exploited to cause an out-of-bounds read memory access and 
subsequently cause a crash.

CVE-2018-5808

An error within the &quot;find_green()&quot; function can be exploited to 
cause a stack-based buffer overflow and subsequently execute 
arbitrary code.

CVE-2018-5810

An error within the &quot;rollei_load_raw()&quot; function can be exploited 
to cause a heap-based buffer overflow and subsequently cause a 
crash.

CVE-2018-5811

An error within the &quot;nikon_coolscan_load_raw()&quot; function 
can be exploited to cause an out-of-bounds read memory access and 
subsequently cause a crash.

CVE-2018-5812

An error within the &quot;nikon_coolscan_load_raw()&quot; function can be 
exploited to trigger a NULL pointer dereference.

CVE-2018-5813

An error within the &quot;parse_minolta()&quot; function can be exploited to 
trigger an infinite loop via a specially crafted file.

CVE-2018-5815

An integer overflow error within the &quot;parse_qt()&quot; function can be 
exploited to trigger an infinite loop via a specially crafted 
Apple QuickTime file.

CVE-2018-5817

A type confusion error within the &quot;unpacked_load_raw()&quot; function 
can be exploited to trigger an infinite loop.

CVE-2018-5818

An error within the &quot;parse_rollei()&quot; function can be exploited to 
trigger an infinite loop.

CVE-2018-5819

An error within the &quot;parse_sinar_ia()&quot; function can be exploited to exhaust available CPU resources.

CVE-2018-20363

LibRaw::raw2image has a NULL pointer dereference.

CVE-2018-20364

LibRaw::copy_bayer has a NULL pointer dereference

CVE-2018-20365

LibRaw::raw2image() has a heap-based buffer overflow.

For Debian 9 stretch, these problems have been fixed in version
0.17.2-6+deb9u2.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armellibraw-dev< 0.17.2-6+deb9u2libraw-dev_0.17.2-6+deb9u2_armel.deb
Debian9i386libraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_i386.deb
Debian9arm64libraw-dev< 0.17.2-6+deb9u2libraw-dev_0.17.2-6+deb9u2_arm64.deb
Debian9amd64libraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_amd64.deb
Debian9armellibraw15< 0.17.2-6+deb9u2libraw15_0.17.2-6+deb9u2_armel.deb
Debian9armellibraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_armel.deb
Debian9alllibraw-doc< 0.17.2-6+deb9u2libraw-doc_0.17.2-6+deb9u2_all.deb
Debian9arm64libraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_arm64.deb
Debian9arm64libraw15< 0.17.2-6+deb9u2libraw15_0.17.2-6+deb9u2_arm64.deb
Debian9alllibraw< 0.17.2-6+deb9u2libraw_0.17.2-6+deb9u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libraw-dev	< 0.17.2-6+deb9u2	libraw-dev_0.17.2-6+deb9u2_armel.deb
Debian	9	i386	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_i386.deb
Debian	9	arm64	libraw-dev	< 0.17.2-6+deb9u2	libraw-dev_0.17.2-6+deb9u2_arm64.deb
Debian	9	amd64	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_amd64.deb
Debian	9	armel	libraw15	< 0.17.2-6+deb9u2	libraw15_0.17.2-6+deb9u2_armel.deb
Debian	9	armel	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_armel.deb
Debian	9	all	libraw-doc	< 0.17.2-6+deb9u2	libraw-doc_0.17.2-6+deb9u2_all.deb
Debian	9	arm64	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_arm64.deb
Debian	9	arm64	libraw15	< 0.17.2-6+deb9u2	libraw15_0.17.2-6+deb9u2_arm64.deb
Debian	9	all	libraw	< 0.17.2-6+deb9u2	libraw_0.17.2-6+deb9u2_all.deb