Updated libraw packages fix a security vulnerability
Publication date: 17 Sep 2020Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15503
Description
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)
References
- https://bugs.mageia.org/show_bug.cgi?id=26933
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/
- https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
- https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503
SRPMS
7/core
- libraw-0.19.2-1.1.mga7