Bug 1553334 (CVE-2018-5801)

Summary: CVE-2018-5801 LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: debarshir, extras-orphan, gwync, hobbes1069, jridky, manisandro, mattdm, mattia.verga, nphilipp, ry, sebastian, siddharth.kde, siddhesh, than, thibault.north
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: LibRaw 0.18.7 Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:17:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1543597, 1557157, 1557158, 1557159, 1557160, 1557161, 1557162, 1557163, 1557165, 1557170, 1557171, 1557172, 1557173    
Bug Blocks: 1553339    

Description Pedro Sampaio 2018-03-08 17:14:05 UTC 
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.

External References:

https://packetstormsecurity.com/files/146172/secunia-libraw.txt

Upstream Patch:

https://github.com/LibRaw/LibRaw/commit/8682ad204392b91
Comment 3 Dhiru Kholia 2018-03-16 06:38:15 UTC 
Created mingw-LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 1557159]


Created dcraw tracking bugs for this issue:

Affects: fedora-all [bug 1557160]


Created LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 1557157]


Created rawtherapee tracking bugs for this issue:

Affects: fedora-all [bug 1557163]


Created libkdcraw tracking bugs for this issue:

Affects: fedora-all [bug 1557161]


Created LibRaw tracking bugs for this issue:

Affects: epel-6 [bug 1557162]
Comment 7 Debarshi Ray 2018-09-27 13:49:44 UTC 
This was fixed in LibRaw-0.18.7. The commit message has 7 typoed as 17.
Comment 8 errata-xmlrpc 2018-10-30 07:29:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3065 https://access.redhat.com/errata/RHSA-2018:3065