Advisories ยป MGASA-2020-0368

Updated libraw packages fix a security vulnerability

Publication date: 17 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15503

Description

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects
decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength. (CVE-2020-15503)
                

References

SRPMS

7/core