Advisories » MGASA-2014-0081

Updated rawtherapee package fixes security vulnerability

Publication date: 17 Feb 2014
Modification date: 17 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-1438

Description

Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input
files might trigger a division by zero, an infinite loop, or a null pointer
dereference (CVE-2013-1438).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12693
• https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124176.html
• http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1438.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438

SRPMS

3/core

• rawtherapee-4.0.7-3.1.mga3

4/core

• rawtherapee-4.0.11-2.1.mga4