libraw -- memory objects not properly initialized

ID 6BC6EED2-9CCA-11E5-8C2B-C335FA8985D7
Type freebsd
Reporter FreeBSD
Modified 2015-11-30T00:00:00


ChenQin reports:

The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems. In CVE-2015-8367, LibRaw's phase_one_correct function does not handle memory initialization correctly, which may cause other problems.