Bug 1609954 (CVE-2018-5813)

Summary: CVE-2018-5813 libRaw: infinite loop in the parse_minolta function in dcraw/dcraw.c
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: debarshir
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libRaw 0.18.11 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-22 04:31:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1543597, 1609955, 1611636, 1633708    
Bug Blocks: 1609957    

Description Laura Pardo 2018-07-30 21:48:13 UTC 
A flaw was found in LibRaw. An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. This can be exploited by malicious people to cause a DoS (Denial of Service). 


References:
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
Comment 3 Stefan Cornelius 2018-08-02 14:09:37 UTC 
Patch:
https://github.com/LibRaw/LibRaw/commit/8260dcf3db045923a5ca5c05170f9bc7a4bd971

Note that there's a related follow-up patch:
https://github.com/LibRaw/LibRaw/commit/70ce43d02602a7756937fadde3cab32d3ae3eef9
Comment 5 Stefan Cornelius 2018-08-02 14:10:49 UTC 
Statement:

This issue affects the versions of LibRaw as shipped with Red Hat Enterprise Linux 7.
Comment 7 Debarshi Ray 2018-09-27 13:36:46 UTC 
Also known as Secunia Advisory SA83050 ...

(In reply to Stefan Cornelius from comment #3)
> Patch:
> https://github.com/LibRaw/LibRaw/commit/
> 8260dcf3db045923a5ca5c05170f9bc7a4bd971

This is already in LibRaw 0.19 Beta-5 and 0.18.11.

> Note that there's a related follow-up patch:
> https://github.com/LibRaw/LibRaw/commit/
> 70ce43d02602a7756937fadde3cab32d3ae3eef9

This one is only present in the 0.19-stable branch and hasn't seen a release yet.
Comment 10 Product Security DevOps Team 2020-04-22 04:31:59 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-5813