Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1574325 - (CVE-2018-10529) CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp
CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list function...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180427,reported=2...
: Security
Depends On: 1574329 1575863 1633708 1574326 1574327 1574328
Blocks: 1574330
  Show dependency treegraph
 
Reported: 2018-05-03 01:09 EDT by Sam Fowler
Modified: 2018-10-16 10:10 EDT (History)
6 users (show)

See Also:
Fixed In Version: LibRaw 0.18.10
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Sam Fowler 2018-05-03 01:09:20 EDT 
LibRaw through version 0.18.9 is vulnerable to an out-of-bounds read in the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. An attacker could exploit this to cause a crash via crafted file.


Upstream Issue:

https://github.com/LibRaw/LibRaw/issues/144

Upstream Patch:

https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
Comment 1 Sam Fowler 2018-05-03 01:10:50 EDT 
Created LibRaw tracking bugs for this issue:

Affects: epel-6 [bug 1574329]
Affects: fedora-all [bug 1574326]


Created mingw-LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 1574327]
Comment 4 Debarshi Ray 2018-09-27 09:30:27 EDT 
This was fixed in LibRaw 0.19 Beta-4.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.