LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcraw_common.cpp:parse_qt() function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple QuickTime file.
Reference:
http://seclists.org/bugtraq/2018/Jul/58
Created LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1610152]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1610153]