Advisories » MGASA-2017-0357

Updated libraw packages fix security vulnerabilities

Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-13735, CVE-2017-14265, CVE-2017-14348

Description

There is a floating point exception in the kodak_radc_load_raw function
in dcraw_common.cpp in LibRaw 0.18.2, which can lead to a remote denial
of service attack. (CVE-2017-13735)

A stack-based buffer overflow was discovered in xtrans_interpolate in
internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a
remote denial of service or code execution attack. (CVE-2017-14265)

LibRaw before 0.18.4 has a heap-based buffer overflow in the
processCanonCameraInfo function via a crafted file. (CVE-2017-14348)
                

SRPMS

5/core

6/core