Advisories ยป MGASA-2017-0359

Updated rawtherapee packages fix security vulnerabilities

Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-13735 , CVE-2017-14348 , CVE-2017-14265

Description

It was discovered that rawtherapee had a floating point exception in the
kodak_radc_load_raw function in dcraw.cc (CVE-2017-13735).

It was discovered that rawtherapee had a Heap-based 1 byte buffer
overflow in the processCanonCameraInfo function in dcraw.c
(CVE-2017-14348).

It was discovered that rawtherapee had a Stack Buffer Overflow in
xtrans_interpolate in dcraw.c that could allow a remote denial of
service and code execution attack (CVE-2017-14265).
                

References

SRPMS

5/core

6/core