1805 matches found

Ubuntu
added 2018/12/06 2:25 a.m., 69 views

USN-3838-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS: 8.8, AI score: 6.8, EPSS: 0.02194
Exploits: 0
Tenable Nessus
added 2018/12/06 12:00 a.m., 31 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : LibRaw vulnerabilities (USN-3838-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3838-1 advisory. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a...

CVSS: 8.8, AI score: 6.8, EPSS: 0.02194
Exploits: 0, References: 8
OpenVAS
added 2018/12/06 12:00 a.m., 27 views

Ubuntu: Security Advisory (USN-3838-1)

The remote host is missing an update for the...

CVSS: 8.8, AI score: 6.9, EPSS: 0.02194
Exploits: 0, References: 2
ossfuzz
added 2018/11/25 10:27 a.m., 13 views

imagemagick/crop_fuzzer: Index-out-of-bounds in LibRaw::parse_fuji

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5187732979580928 Project: imagemagick Fuzzer: libFuzzerimagemagickcropfuzzer Fuzz target binary: cropfuzzer Job Type: libfuzzerubsanimagemagick Platform Id: linux Crash Type:...

AI score: 6.8
Exploits: 0, Affected Software: 1
CNVD
added 2018/11/08 12:00 a.m., 1 view

LibRaw 'quicktake_100_load_raw()' function stack buffer overflow vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW CRW/CR2, NEF, RAF, DNG and other format images. A stack buffer overflow vulnerability exists in the 'quicktake_100_load_raw' function in the internal/dcraw_common.cpp file in LibRaw versions prior to 0.18.8. An attacker can...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01984
Exploits: 0, References: 1
Oracle Linux
added 2018/11/05 12:00 a.m., 509 views

libkdcraw security update

4.10.5-5 - Resolves: 1557171, 1557189, 1558954 use the system LibRaw...

CVSS: 8.8, AI score: 1.4, EPSS: 0.02548
Exploits: 1
RedHat Linux
added 2018/10/30 9:45 a.m., 3 views

LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp

An out-of-bounds read flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01974
Exploits: 1, References: 5
RedHat Linux
added 2018/10/30 9:45 a.m., 2 views

LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp

A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

CVSS: 6.5, AI score: 7.3, EPSS: 0.02039
Exploits: 1, References: 5
RedHat Linux
added 2018/10/30 9:45 a.m., 4 views

LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp

LibRaw is vulnerable to stack-based buffer overflow in internal/dcraw_common.cpp:quicktake_100_load_raw function when processing specially-crafted RAW data. An attacker could potentially use this flaw to cause arbitrary code execution or denial of service...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01984
Exploits: 0, References: 4
RedHat Linux
added 2018/10/30 9:45 a.m., 4 views

LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

A NULL pointer dereference vulnerability in internal/dcraw_common.cpp:leaf_hdr_load_raw function was found in LibRaw. A user can cause a denial of service when processing specially-crafted RAW data...

CVSS: 6.5, AI score: 7.3, EPSS: 0.01689
Exploits: 0, References: 4
RedHat Linux
added 2018/10/30 9:45 a.m., 3 views

LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp

A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

CVSS: 6.5, AI score: 7.3, EPSS: 0.02548
Exploits: 1, References: 5
CNVD
added 2018/10/26 12:00 a.m., 1 view

LibRaw 'parse_minolta()' function denial of service vulnerability

LibRaw is a C++ library for processing RAW CRW/CR2, NEF, RAF, DNG and other format images. A security vulnerability exists in the 'parse_minolta' function in the dcraw/dcraw.c file in LibRaw versions prior to 0.18.11. An attacker can exploit this vulnerability to cause a denial of service infinit...

CVSS: 7.1, AI score: 6.3, EPSS: 0.02088
Exploits: 0, References: 1
CNVD
added 2018/10/26 12:00 a.m., 3 views

LibRaw 'LibRaw::unpack' function null pointer dereference vulnerability

LibRaw is a C++ library for processing RAW CRW/CR2, NEF, RAF, DNG and other format images. A null pointer dereference vulnerability exists in the 'LibRaw::unpack' function in the src/libraw_cxx.cpp file in versions of LibRaw prior to 0.18.7. An attacker can exploit this vulnerability with a specially...

CVSS: 6.5, AI score: 7.2, EPSS: 0.02039
Exploits: 1, References: 1
CNVD
added 2018/10/26 12:00 a.m., 3 views

LibRaw 'rollei_load_raw()' function heap buffer overflow vulnerability

LibRaw is a C++ library for processing RAW CRW/CR2, NEF, RAF, DNG and other format images. A heap buffer overflow vulnerability exists in the 'rollei_load_raw' function in the internal/dcraw_common.cpp file in LibRaw versions prior to 0.18.9. A remote attacker can exploit this vulnerability with th...

CVSS: 8.8, AI score: 8.8, EPSS: 0.021
Exploits: 0, References: 1
OpenVAS
added 2018/10/26 12:00 a.m., 22 views

Ubuntu: Security Advisory (USN-3639-1)

The remote host is missing an update for the...

CVSS: 8.8, AI score: 8.8, EPSS: 0.02531
Exploits: 0, References: 2
Tenable Nessus
added 2018/10/24 12:00 a.m., 34 views

SUSE SLED12 Security Update : libraw (SUSE-SU-2018:3343-1)

This update for libraw fixes the following issues : Security issues fixed : CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). CVE-2018-5802: Fixed out-of-bounds rea...

CVSS: 8.8, AI score: 6.8, EPSS: 0.02548
Exploits: 1, References: 16
OSV
added 2018/10/23 2:43 p.m., 7 views

SUSE-SU-2018:3343-1 Security update for libraw

This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). - CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). - CVE-2018-5802: Fixed out-of-bounds...

CVSS: 8.8, AI score: 7.7, EPSS: 0.02548
Exploits: 1, References: 11
ossfuzz
added 2018/10/15 6:17 a.m., 15 views

imagemagick/rotate_fuzzer: Index-out-of-bounds in LibRaw::subtract_black_internal

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5713220651188224 Project: imagemagick Fuzzer: libFuzzerimagemagickrotatefuzzer Fuzz target binary: rotatefuzzer Job Type: libfuzzerubsanimagemagick Platform Id: linux Crash Type:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2018/10/15 6:09 a.m., 15 views

imagemagick/encoder_dng_fuzzer: Use-of-uninitialized-value in LibRaw::identify

Detailed report: https://oss-fuzz.com/testcase?key=5071707965489152 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderdngfuzzer Fuzz target binary: encoderdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2018/09/16 11:06 p.m., 11 views

imagemagick/encoder_dng_fuzzer: Use-of-uninitialized-value in LibRaw::copy_bayer

Detailed report: https://oss-fuzz.com/testcase?key=5714771505053696 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderdngfuzzer Fuzz target binary: encoderdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

AI score: 6.8
Exploits: 0, Affected Software: 1