Bug 968382 (CVE-2013-2127)

Summary: CVE-2013-2127 LibRaw: buffer overrun in exposure correction code
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: alekcejk, gwync, jgrulich, rdieter, siddharth.kde, smparrish, than
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: LibRaw 0.15.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:39:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 970713    
Bug Blocks:    

Description Vincent Danen 2013-05-29 15:20:15 UTC 
LibRaw 0.15.1 notes the following fix [1]:

* check for possible buffer overrun in exposure correction code

Successful exploitation could allow for the execution of arbitrary code with the privileges of the user running an application linked to LibRaw.

This has been fixed in LibRaw 0.15.1 [2].

[1] http://www.libraw.org/news/libraw-0-15-1
[2] https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
Comment 1 Vincent Danen 2013-05-29 15:26:45 UTC 
Created LibRaw tracking bugs for this issue

Affects: fedora-all [bug 968387]
Comment 2 Gwyn Ciesla 2013-05-29 15:28:51 UTC 
This seems to affect 0.15.x branch only, we ship only 0.14.x currently.  Can you verify?
Comment 3 Vincent Danen 2013-05-29 21:18:56 UTC 
This has been assigned CVE-2013-2127 as per:

http://www.openwall.com/lists/oss-security/2013/05/29/7
Comment 4 Vincent Danen 2013-05-29 23:15:25 UTC 
This one I cannot tell by looking at the code whether or not we are affected.  I'm going to email upstream and ask.
Comment 5 Vincent Danen 2013-05-30 14:16:22 UTC 
According to upstream, 0.14.x is not affected by this flaw:

"0.14.x are not affected by 'buffer overrun'  (this is not arbitrary access in 0.15 , but access to lookup table at fixed index [(unsigned)(-1)] )

The code calculating max real data value is completely different in 0.14 (and early 0.15 alphas), so no prior initialization of data maximum to -1."

Since we only ship 0.14.x, this does not affect Fedora at all.
Comment 6 Vincent Danen 2013-06-04 16:50:47 UTC 
Digikam embeds 0.15.0.beta3 and this patch applies to it, so it needs to be updated.
Comment 7 Vincent Danen 2013-06-04 17:05:50 UTC 
Created libkdcraw tracking bugs for this issue

Affects: fedora-all [bug 970713]