Updated rawtherapee packages fix security vulnerabilities
Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-13735, CVE-2017-14348, CVE-2017-14265
Description
It was discovered that rawtherapee had a floating point exception in the kodak_radc_load_raw function in dcraw.cc (CVE-2017-13735).

It was discovered that rawtherapee had a heap-based 1-byte buffer overflow in the processCanonCameraInfo function in dcraw.c (CVE-2017-14348).

It was discovered that rawtherapee had a stack buffer overflow in xtrans_interpolate in dcraw.c that could allow a remote denial of service and code execution attack (CVE-2017-14265).
References
- https://bugs.mageia.org/show_bug.cgi?id=21755
- https://github.com/Beep6581/RawTherapee/issues/4061
- https://github.com/Beep6581/RawTherapee/issues/4084
- https://github.com/LibRaw/LibRaw/issues/99
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TVI7PQ5NTNFOL4EQTLNZOPGCDLKJKXST/
- https://www.libraw.org/news/libraw-0-18-4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265
SRPMS
5/core
- rawtherapee-4.1-4.2.mga5
6/core
- rawtherapee-5.1-1.2.mga6