OSV-2023-184 UNKNOWN READ in LibRaw::sget4

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57105 Crash type: UNKNOWN READ Crash state: LibRaw::sget4 LibRaw::parseAdobeRAFMakernote LibRaw::parsetiffifd...

Fedora: Security Advisory for mingw-LibRaw (FEDORA-2023-220878f1bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-35704 · Libraw · Libraw

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to a crash in LibRaw, specifically in the LibRaw::sget4 function, which is called by LibRaw::parseAdobeRAFMakernote and LibRaw::parse tiff ifd. The crash type is reporte...

Fedora: Security Advisory for mingw-LibRaw (FEDORA-2023-be842ba7fb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: mingw-LibRaw-0.20.2-8.fc37

MinGW Windows LibRaw library...

[SECURITY] Fedora 36 Update: mingw-LibRaw-0.20.2-8.fc36

MinGW Windows LibRaw library...

Fedora 37 : mingw-LibRaw (2023-be842ba7fb)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-be842ba7fb advisory. Backport fix for CVE-2021-32142 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 36 : mingw-LibRaw (2023-220878f1bf)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-220878f1bf advisory. Backport fix for CVE-2021-32142 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Debian: Security Advisory (DLA-243-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the LibRaw::adobe_copy_pixel() function in the LibRaw image processing library allows a attacker to trigger a service failure.

The vulnerability of the LibRaw::adobecopypixel function in the LibRaw image processing library is related to the situation where the operation’s output goes beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a attacker to trigger a service denial using a specially...

MGASA-2023-0082 Updated libraw packages fix security vulnerability

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRawbufferdatastream::getschar, int in /src/libraw/src/librawdatastream.cpp. CVE-2021-32142...

Updated libraw packages fix security vulnerability

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRawbufferdatastream::getschar, int in /src/libraw/src/librawdatastream.cpp. CVE-2021-32142...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libraw (SUSE-SU-2023:0512-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0512-1 advisory. - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via t...

SUSE SLED12 / SLES12 Security Update : libraw (SUSE-SU-2023:0510-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0510-1 advisory. - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libraw (SUSE-SU-2023:0511-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0511-1 advisory. - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via t...

SUSE-SU-2023:0512-1 Security update for libraw

This update for libraw fixes the following issues: - CVE-2021-32142: Fixed buffer overflow in the LibRawbufferdatastream:gets function bsc1208470...

SUSE-SU-2023:0511-1 Security update for libraw

This update for libraw fixes the following issues: - CVE-2021-32142: Fixed buffer overflow in the LibRawbufferdatastream:gets function bsc1208470...

SUSE-SU-2023:0510-1 Security update for libraw

This update for libraw fixes the following issues: - CVE-2021-32142: Fixed buffer overflow in the LibRawbufferdatastream:gets function bsc1208470...

OSV-2023-90 Heap-buffer-overflow in LibRaw_buffer_datastream::scanf_one

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56160 Crash type: Heap-buffer-overflow READ 1 Crash state: LibRawbufferdatastream::scanfone LibRaw::parsemos LibRaw::parsetiffifd...

CVE-2021-32142

A flaw was found in the LibRaw package. A stack buffer overflow in the LibRawbufferdatastream::gets function in src/librawdatastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...