Bug 1661520 (CVE-2018-5809)
| Summary: | CVE-2018-5809 LibRaw: stack-based buffer overflow in LibRaw::parse_exif() and subsequently execute arbitrary code | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | debarshir |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | LibRaw 0.18.9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-03 09:38:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1661521 | ||
| Bug Blocks: | 1661524 | ||
|
Description
Laura Pardo
2018-12-21 13:01:10 UTC
Created LibRaw tracking bugs for this issue: Affects: epel-6 [bug 1661521] Increase Impact of the flaw to Important and set C:H/I:H/A:H because arbitrary code execution may be possible on affected versions. Function parse_exif() in internal/dcraw_common.cpp does not check the "len" variable when tag is equal to 37500 and it may reads more than 512 bytes in the mn_text array, causing a stack-based buffer overflow and subsequently execute arbitrary code. Statement: This issue did not affect the versions of LibRaw as shipped with Red Hat Enterprise Linux 7 as the vulnerable code is not present. |