Mageia Advisory: MGASA-2017-0223 - Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities

Publication date: 28 Jul 2017
Modification date: 28 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6886 , CVE-2017-6887 , CVE-2017-6889 , CVE-2017-6890

Description

A memory corruption in parse_tiff_ifd() function (CVE-2017-6886).

A memory corruption via e.g. a specially crafted KDC file
parse_tiff_ifd() (CVE-2017-6887).

An integer overflow error within the "foveon_load_camf()" function
(CVE-2017-6889).

A boundary error within the "foveon_load_camf()" function
(CVE-2017-6890).

References

https://bugs.mageia.org/show_bug.cgi?id=21004
https://lists.opensuse.org/opensuse-updates/2017-05/msg00111.html
https://www.cve.org/CVERecord?id=CVE-2017-6886
https://www.cve.org/CVERecord?id=CVE-2017-6887
https://www.cve.org/CVERecord?id=CVE-2017-6889
https://www.cve.org/CVERecord?id=CVE-2017-6890

SRPMS

5/core

libraw-0.16.2-1.2.mga5

Advisories » MGASA-2017-0223

Updated libraw packages fix security vulnerabilities

Description

References

SRPMS

5/core