LibRaw 0.18.7 Denial Of Service Vulnerability

🗓️ 01 Feb 2018 00:00:00Reported by Laurent DelosieresType

zdt🔗 0day.today👁 34 Views

LibRaw 0.18.7 Denial Of Service Vulnerability, heap-based buffer overflow, NULL pointer dereference, out-of-bounds read memory acces

Reporter	Title	Published	Views	Family All 96
FreeBSD	libraw -- multiple DoS vulnerabilities	16 Jan 201800:00	–	freebsd
BDU FSTEC	The vulnerability of the LibRaw::kodak_ycbcr_load_raw function in the LibRaw image processing library, which is related to buffer overflow attacks, allows attackers to cause a service failure.	6 Jun 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability in the `src/libraw_cxx.cpp` component of the LibRaw image processing library allows a hacker to trigger a service failure.	23 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to trigger a service failure.	28 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.	28 Sep 202200:00	–	bdu_fstec
Tenable Nessus	CentOS 7 : libkdcraw (CESA-2018:3065)	16 Nov 201800:00	–	nessus
Tenable Nessus	Debian DLA-1734-1 : libraw security update	29 Mar 201900:00	–	nessus
Tenable Nessus	Debian DLA-2903-1 : libraw - LTS security update	22 Feb 202200:00	–	nessus
Tenable Nessus	Fedora 28 : dcraw (2018-866bd0e3c2)	3 Jan 201900:00	–	nessus
Tenable Nessus	FreeBSD : libraw -- multiple DoS vulnerabilities (6f0b0cbf-1274-11e8-8b5b-4ccc6adda413)	16 Feb 201800:00	–	nessus

LibRaw 0.18.7 Denial Of Service Vulnerability


======================================================================
1) Affected Software

* LibRaw versions prior to 0.18.7.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Denial of Service
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered multiple vulnerabilities in LibRaw,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

1) An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()"
function (internal/dcraw_common.cpp) can be exploited to cause a heap-
based buffer overflow and subsequently cause a crash.

2) An   error   within   the   "LibRaw::unpack()"   function
(src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer
dereference.

3) An   error   within   the   "kodak_radc_load_raw()"   function
(internal/dcraw_common.cpp) related to the "buf" variable can be
exploited to  cause  an out-of-bounds read memory access  and
subsequently cause a crash.

Successful exploitation of this vulnerability requires the library to
be compiled with the "-O0" compilation flag.

The vulnerabilities are confirmed in version 0.18.6 and reported in
versions prior to 0.18.7.

======================================================================
4) Solution

Update to version 0.18.7.

======================================================================
5) Time Table

2018/01/16 - Maintainer contacted with the vulnerability details.
2018/01/19 - Maintainer confirmed the vulnerabilities.
2018/01/19 - Maintainer released a fix.
2018/01/25 - Release of Secunia Advisory SA79000.
2018/01/29 - Public disclosure of Secunia Research Advisory.

======================================================================
6) Credits

Laurent Delosieres, Secunia Research at Flexera Software.

======================================================================
7) References

The   Flexera Software CNA   has   assigned   the   CVE-2018-5800,
CVE-2018-5801, and CVE-2018-5802 identifiers for the vulnerabilities
through the Common Vulnerabilities and Exposures (CVE) project.

#  0day.today [2018-03-13]  #

01 Feb 2018 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.01527