libraw:libraw_fuzzer: Use-of-uninitialized-value in LibRaw::copy_bayer

Detailed Report: https://oss-fuzz.com/testcase?key=6270484961558528 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: librawfuzzer Job Type: libfuzzermsanlibraw Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::copybayer LibRaw::raw2imageex...

libraw:libraw_fuzzer: Use-of-uninitialized-value in LibRaw::open_datastream

Detailed Report: https://oss-fuzz.com/testcase?key=5149214224154624 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: librawfuzzer Job Type: libfuzzermsanlibraw Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::opendatastream LibRaw::openbuffer...

libraw:libraw_fuzzer: Use-of-uninitialized-value in LibRaw::median4

Detailed Report: https://oss-fuzz.com/testcase?key=4855186442158080 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: librawfuzzer Job Type: libfuzzermsanlibraw Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::median4 LibRaw::fillholes...

libraw:libraw_fuzzer: Stack-buffer-overflow in __libcpp_strchr

Project: https://github.com/libraw/libraw.git Detailed Report: https://oss-fuzz.com/testcase?key=5640387220996096 Project: libraw Fuzzing Engine: honggfuzz Fuzz Target: librawfuzzer Job Type: honggfuzzasanlibraw Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7f5f52e128...

libraw:libraw_fuzzer: Stack-buffer-overflow in LibRaw_buffer_datastream::gets

Project: https://github.com/libraw/libraw.git Detailed Report: https://oss-fuzz.com/testcase?key=5070269470474240 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: librawfuzzer Job Type: libfuzzerasanlibraw Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 1 Crash Address:...

libraw:libraw_fuzzer: Index-out-of-bounds in LibRaw::parseCR3

Project: https://github.com/libraw/libraw.git Detailed Report: https://oss-fuzz.com/testcase?key=4891372976078848 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: librawfuzzer Job Type: libfuzzerubsanlibraw Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State:...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in __libcpp_strchr

Detailed Report: https://oss-fuzz.com/testcase?key=5736051093274624 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffd87930840 Crash State: libcppstrchr...

Arbitrary Code Execution

libraw is vulnerable to arbitrary code execution. The vulnerability exists as a boundary error within the "parsetiffifd" function internal/dcrawcommon.cpp in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to...

Arbitrary Code Execution

libraw is vulnerable to arbitrary code execution. The vulnerability exists as the phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

Arbitrary Code Execution

libraw is vulnerable to arbitrary code execution. The vulnerability exists as an array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

GNOME security, bug fix, and enhancement update

accountsservice 0.6.50-8 - Dont set HasNoUsers=true if realmd has providers Related: 1750516 appstream-data 8-20191129 - Regenerate the RHEL metadata to include the latest evince changes - Resolves: 1768461 clutter 1.26.2-8 - rebuild to get the new in 8.2.0 - plus address 1785233 evince 3.28.4-4 ...

Privilege Escalation

LibRaw is vulnerable to privilege escalation. The vulnerability exists through a stack-based buffer overflow in the parsemakernote function of dcrawcommon.cpp...

Moderate: Red Hat Security Advisory: GNOME security, bug fix, and enhancement update

An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

GNOME security, bug fix, and enhancement update

An update is available for mozjs52, gnome-tweaks, clutter, gnome-menus, mozjs60, baobab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME is the default...

RLSA-2020:1766 Moderate: GNOME security, bug fix, and enhancement update

GNOME is the default desktop environment of Rocky Linux. Security Fixes: LibRaw: stack-based buffer overflow in the parsemakernote function of dcrawcommon.cpp CVE-2018-20337 gdm: lock screen bypass when timed login is enabled CVE-2019-3825 gvfs: mishandling of file ownership in...

The vulnerability of the parse_rollei() function in the LibRaw image processing library allows a hacker to trigger a service failure.

The vulnerability of the “parserollei” function internal/dcrawcommon.cpp in the LibRaw image processing library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

The vulnerability of the parse_sinar_ia() function in the LibRaw image processing library allows a hacker to trigger a service failure.

The vulnerability of the parsesinaria function in the LibRaw image processing library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

imagemagick:encoder_dng_fuzzer: Use-of-uninitialized-value in LibRaw::parse_fuji_compressed_header

Detailed Report: https://oss-fuzz.com/testcase?key=5634881263763456 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::parsefujicompressedhead...

CentOS 7 : GNOME (RHSA-2020:1021)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1021 advisory. - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to...

CVE-2018-5805

LibRaw is vulnerable to stack-based buffer overflow in internal/dcrawcommon.cpp:quicktake100loadraw function when processing specially-crafted RAW data. An attacker could potentially use this flaw to cause an arbitrary code execution or denial of service...