libraw.so is vulnerable to Buffer Overflows. The vulnerability exists in libraw_datastream.cpp
because the input buffer size on datastream::gets
is not properly checked, resulting in an application crash.
github.com/advisories/GHSA-2vqp-59qv-pmrc
github.com/gtt1995
github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
github.com/LibRaw/LibRaw/issues/400
lists.debian.org/debian-lts-announce/2023/05/msg00025.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/
lists.fedoraproject.org/archives/list/[email protected]/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/
lists.fedoraproject.org/archives/list/[email protected]/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/
www.debian.org/security/2023/dsa-5412
www.libraw.org/