LibRaw, accountsservice, colord, control, gdm, gnome, gsettings, gtk, gtk3, libcanberra, libgweather, mutter, nautilus, osinfo, shared, tracker, xchat security update

CentOS Errata and Security Advisory CESA-2020:1021 An update for GNOME is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

PT-2020-6850 · Libraw +3 · Libraw +3

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an out-of-bounds read within the LibRaw::adobe copy pixel function when reading data from an image file. This can potentially allow an attacker to cause a denial of...

GNOME security, bug fix, and enhancement update

accountsservice 0.6.50-7 - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: 1721562 colord 1.3.4-2 - Downgrade a trivial warning to a debug statement - Resolves: 1421231 control-center 3.28.1-6 - Calculate better extents for the configured displays arrangement...

CVE-2018-5801

A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

Updated dcraw packages fix security vulnerabilities

The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...

PT-2020-6981 · Libraw +3 · Libraw +3

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an out-of-bounds read vulnerability within the get huffman diff function in the librawsrcx3fx3f utils patched.cpp component of the LibRaw library for image processing...

CVE-2018-5800

A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

imagemagick:crop_fuzzer: Use-of-uninitialized-value in LibRaw::open_datastream

Detailed Report: https://oss-fuzz.com/testcase?key=5724383278792704 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: cropfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::opendatastream LibRaw::openfi...

CVE-2018-5804

A type confusion error within the "identify" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero...

imagemagick:crop_fuzzer: Use-of-uninitialized-value in LibRaw::panasonic_load_raw

Detailed Report: https://oss-fuzz.com/testcase?key=5199241358344192 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: cropfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::panasonicloadraw LibRaw::unpa...

CVE-2015-8366

Array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

DEBIAN-CVE-2015-8366

Array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

DEBIAN-CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

ALPINE-CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8366

Array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

Information disclosure

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

Code injection

Array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

CVE-2015-8366

CVE-2015-8366 : In LibRaw, an array index error in the smal_decode_segment function prior to 0.17.1 can enable context-dependent attackers to trigger memory errors and possibly execute arbitrary code via index-related vectors. Several connected sources confirm the issue is tied to LibRaw before 0...