An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
This was fixed in LibRaw-0.18.7. The commit message has 7 typoed as 17.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3065 https://access.redhat.com/errata/RHSA-2018:3065