Bug 1494405 – CVE-2017-14265 libraw: Stack based buffer overflow in the xtrans_interpolate function

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1494405 - (CVE-2017-14265) CVE-2017-14265 libraw: Stack based buffer overflow in the xtrans_interpolate function

Summary:	CVE-2017-14265 libraw: Stack based buffer overflow in the xtrans_interpolate ...

Status:	CLOSED WONTFIX

Aliases:	CVE-2017-14265

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20170908,reported=2...
Keywords:	Security

Depends On:	1492123 1492126 1494406 1499690
Blocks:	1494408
	Show dependency tree / graph

Reported:	2017-09-22 04:24 EDT by Andrej Nemec
Modified:	2017-10-09 05:13 EDT (History)
CC List:	20 users (show)

See Also:
Fixed In Version:	libraw 0.18.3
Doc Type:	If docs needed, set a value
Doc Text:	A stack buffer overflow flaw was found in the way dcraw handled processing of RAW image files. This flaw could potentially be used to crash the dcraw process by supplying it a specially crafted image file .
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-09-27 07:40:22 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Andrej Nemec 2017-09-22 04:24:34 EDT

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow for a denial of service.

Upstream issue:

https://github.com/LibRaw/LibRaw/issues/99

Upstream patch:

https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2

Comment 1 Andrej Nemec 2017-09-22 04:25:50 EDT

Created LibRaw tracking bugs for this issue:

Affects: epel-6 [bug 1494406]


Created dcraw tracking bugs for this issue:

Affects: fedora-all [bug 1492123]


Created libkdcraw tracking bugs for this issue:

Affects: fedora-all [bug 1492126]

Comment 7 Dhiru Kholia 2017-09-27 07:39:41 EDT

Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 8 Andrej Nemec 2017-10-09 05:13:39 EDT

Created mingw-LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 1499690]

Note You need to log in before you can comment on or make changes to this bug.

alekcejk
dchen
debarshir
dkholia
extras-orphan
fweimer
hobbes1069
jreznik
jridky
kde-sig
limburgher
manisandro
mattdm
mattia.verga
nphilipp
rdieter
sebastian
siddharth.kde
than
thibault.north