1805 matches found

Positive Technologies
added 2020/09/01 12:0 a.m. · 3 views

PT-2020-6802 · Libraw +3

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an out-of-bounds write vulnerability within the new node function in the LibRaw library, which can be triggered via a crafted X3F file. This vulnerability may allow a...

7.8 CVSS · 6.4 AI score · 0.03206 EPSS
Exploits 6 · References 67
OSV
added 2020/08/31 12:1 a.m. · 2 views

OSV-2020-1680 Use-of-uninitialized-value in LibRaw::ljpeg_diff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25291 Crash type: Use-of-uninitialized-value Crash state: LibRaw::ljpegdiff LibRaw::pentaxloadraw LibRaw::unpack...

7.2 AI score
Exploits 0
OpenVAS
added 2020/08/31 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for LibRaw (EulerOS-SA-2020-1864)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS · 8.8 AI score · 0.00493 EPSS
Exploits 3 · References 2
Tenable Nessus
added 2020/08/28 12:0 a.m. · 30 views

EulerOS 2.0 SP8 : LibRaw (EulerOS-SA-2020-1864)

According to the versions of the LibRaw package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - LibRaw::raw2image in librawcxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. CVE-2018-20363 - LibRaw::copybayer in librawcxx.cpp in LibRaw...

6.5 CVSS · 6.5 AI score · 0.00493 EPSS
Exploits 3 · References 4
Tenable Nessus
added 2020/08/28 12:0 a.m. · 35 views

Oracle Linux 8 : GNOME (ELSA-2020-1766)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1766 advisory. - Fix CVE-2019-15690 an integer overflow in HandleCursorShape in a client bug 1814343 Tenable has extracted the preceding description block directly fr...

8.8 CVSS · 6.6 AI score · 0.04329 EPSS
Exploits 2 · References 6
OSV
added 2020/08/25 12:0 a.m. · 4 views

OSV-2020-1659 Use-of-uninitialized-value in LibRaw::parse_sinar_ia

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25188 Crash type: Use-of-uninitialized-value Crash state: LibRaw::parsesinaria LibRaw::identify LibRaw::opendatastream...

7.2 AI score
Exploits 0
ossfuzz
added 2020/08/24 1:55 p.m. · 13 views

imagemagick:ping_dng_fuzzer: Use-of-uninitialized-value in LibRaw::parse_sinar_ia

Detailed Report: https://oss-fuzz.com/testcase?key=4967658163011584 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: pingdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::parsesinaria...

6.8 AI score
Exploits 0 · Affected Software 1
Fedora
added 2020/08/19 1:2 a.m. · 32 views

[SECURITY] Fedora 31 Update: LibRaw-0.19.5-4.fc31

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future...

7.5 CVSS · 3.3 AI score · 0.03206 EPSS
Exploits 0
Positive Technologies
added 2020/08/19 12:0 a.m. · 3 views

PT-2020-6397 · Libraw +5

Name of the Vulnerable Software and Affected Versions: Libraw versions prior to 0.20.1 Description: The issue is related to a stack buffer overflow in the LibRaw::identify process dng fields function within the identify.cpp component of the Libraw image processing library. This overflow can be...

9.8 CVSS · 7.7 AI score · 0.03206 EPSS
Exploits 9 · References 222
OpenVAS
added 2020/08/19 12:0 a.m. · 20 views

Fedora: Security Advisory for LibRaw (FEDORA-2020-c6fa12cfb1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.03206 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2020/08/19 12:0 a.m. · 23 views

Fedora 31 : LibRaw (2020-c6fa12cfb1)

Fix CVE-2020-15503 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

7.5 CVSS · 6.6 AI score · 0.03206 EPSS
Exploits 0 · References 2
Fedora
added 2020/08/18 1:11 a.m. · 19 views

[SECURITY] Fedora 32 Update: LibRaw-0.19.5-4.fc32

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future...

7.5 CVSS · 3.3 AI score · 0.03206 EPSS
Exploits 0
Tenable Nessus
added 2020/08/18 12:0 a.m. · 30 views

Fedora 32 : LibRaw (2020-ed284fd64b)

Fix CVE-2020-15503 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

7.5 CVSS · 6.6 AI score · 0.03206 EPSS
Exploits 0 · References 2
OpenVAS
added 2020/08/18 12:0 a.m. · 22 views

Fedora: Security Advisory for LibRaw (FEDORA-2020-ed284fd64b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.03206 EPSS
Exploits 0 · References 2
Veracode
added 2020/08/06 9:33 p.m. · 20 views

Denial Of Service (DoS)

libraw is vulnerable to denial of service (DoS). The vulnerability exists due to the lack of a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating...

7.5 CVSS · 3.9 AI score · 0.03206 EPSS
Exploits 0 · References 18 · Affected Software 27
Tenable Nessus
added 2020/08/04 12:0 a.m. · 31 views

openSUSE Security Update : libraw (openSUSE-2020-1128)

This update for libraw fixes the following issues : - security update - added patches fix CVE-2020-15503 bsc1173674, lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network...

7.5 CVSS · 7 AI score · 0.03206 EPSS
Exploits 0 · References 2
OpenVAS
added 2020/08/03 12:0 a.m. · 17 views

openSUSE: Security Advisory for libraw (openSUSE-SU-2020:1128-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.8 AI score · 0.03206 EPSS
Exploits 0 · References 2
OSV
added 2020/08/02 12:19 p.m. · 3 views

OPENSUSE-SU-2020:1128-1 Security update for libraw

This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 bsc1173674, lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project...

7.5 CVSS · 7.7 AI score · 0.03206 EPSS
Exploits 0 · References 3
OPENSUSE Linux
added 2020/08/02 12:0 a.m. · 33 views

Security update for libraw (moderate)

openSUSE Security Update: Security update for libraw Announcement ID: openSUSE-SU-2020:1128-1 Rating: moderate References: 1173674 Cross-References: CVE-2020-15503 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for libraw...

7.5 CVSS · 7.7 AI score · 0.03206 EPSS
Exploits 0 · References 1
OSV
added 2020/07/28 12:0 a.m. · 14 views

OSV-2020-1519 Index-out-of-bounds in DHT::hide_hots

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23837 Crash type: Index-out-of-bounds Crash state: DHT::hidehots LibRaw::dhtinterpolate LibRaw::dcrawprocess...

7.2 AI score
Exploits 0 · References 1