Advisory ROSA-SA-2024-2474
software: libraw 0.20.2; OS: ROSA-CHROME; packageevrstring: libraw-0.20.2-4; CVE-ID: CVE-2020-22628; BDU-ID: 2023-05897; CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the LibRaw::stretch function of the LibRaw image processing library is related to an operation exceeding buffer boundaries in memory...
OSV-2024-792 Index-out-of-bounds in AAHD::make_ahd_rb_hv
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42536934 Crash type: Index-out-of-bounds. Crash state: AAHD::make_ahd_rb_hv, AAHD::make_ahd_rb, LibRaw::aahd_interpolate...
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
...
CVE-2020-15503 affecting package LibRaw for versions less than 0.19.5-5
CVE-2020-15503 affecting package LibRaw for versions less than 0.19.5-5. A patched version of the package is available...
OPENSUSE-SU-2024:13252-1 libraw-devel-0.21.1-3.1 on GA media
These are all security issues fixed in the libraw-devel-0.21.1-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10156-1 libraw-devel-0.17.2-1.4 on GA media
These are all security issues fixed in the libraw-devel-0.17.2-1.4 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10980-1 libraw-devel-0.20.2-4.1 on GA media
These are all security issues fixed in the libraw-devel-0.20.2-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12901-1 libraw-devel-0.21.1-2.1 on GA media
These are all security issues fixed in the libraw-devel-0.21.1-2.1 package on the GA media of openSUSE Tumbleweed...
LibRaw security update
An update is available for LibRaw. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LibRaw is a library for reading RAW files obtained from digital photo cameras...
RLSA-2024:2994 Moderate: LibRaw security update
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fixes: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142). For more details about the security issues, including the...
Rocky Linux 8 : LibRaw (RLSA-2024:2994)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2994 advisory. LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142). Tenable has extracted the preceding description block...
RHEL 5 : dcraw (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - LibRaw: Index overflow in smal_decode_segment (CVE-2015-8366) - Unspecified vulnerability in dcraw 0.8.x...
RHEL 8 : libraw (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp...
RHEL 6 : dcraw (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - LibRaw: Memory objects are not initialized properly (CVE-2015-8367) - Unspecified vulnerability in dcraw 0.8...
RHEL 7 : libraw (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libraw: Memory corruption in the parse_tiff_ifd (CVE-2017-6886) - A boundary error within the parse_tiff_ifd...
Oracle Linux 8 : LibRaw (ELSA-2024-2994)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2994 advisory. 0.19.5-4 - Backport fix for CVE-2021-32142 from upstream. Resolves: RHEL-9523. Tenable has extracted the preceding description block directly from the Oracle Linu...
LibRaw security update
0.19.5-4 - Backport fix for CVE-2021-32142 from upstream Resolves: RHEL-9523...
RHEL 8 : LibRaw (RHSA-2024:2994)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2994 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fixes: LibRaw: stack buffe...
LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...
Moderate: Red Hat Security Advisory: LibRaw security update
An update for LibRaw is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...