LibRaw is vulnerable to a denial of service, caused by a flaw in the parse_sinar_ia function in internal/dcraw_common.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. References: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
Created LibRaw tracking bugs for this issue:

Affects: epel-6 [bug 1661607]
Affects: fedora-28 [bug 1661605]

Created mingw-LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 1661606]
Upstream patch: https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
Function parse_sinar_ia() executes a loop X times, where X is read from the file and is not properly checked. By providing a very large number (or a negative one), it is possible to execute the loop many times and waste resources.
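The unchecked loop count described above, next to a version that bounds it by the file size, as an added illustration in C; this is not LibRaw's code or the upstream patch. The 28-byte directory layout, the function names and the sample data are constructed for the example, and the count is held unsigned, so a negative value in the file shows up as a very large one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ENTRY_SIZE 16u /* constructed layout: u32 offset, u32 length, 8-byte tag */
/* Little-endian u32 read; yields 0 past the end, like a file reader at EOF. */
static uint32_t rd32(const uint8_t *b, size_t len, size_t pos) {
    if (pos > len || len - pos < 4) return 0;
    return b[pos] | b[pos + 1] << 8 | b[pos + 2] << 16 | (uint32_t)b[pos + 3] << 24;
}
static int is_meta(const uint8_t *b, size_t len, size_t pos) {
    return pos <= len && len - pos >= ENTRY_SIZE && !memcmp(b + pos + 8, "META\0\0\0", 8);
}

/* Flawed pattern: the file's count drives the loop unchecked. Returns iterations. */
unsigned long walk_unchecked(const uint8_t *b, size_t len, uint32_t *meta_off) {
    uint32_t entries = rd32(b, len, 4);
    size_t pos = rd32(b, len, 8);
    unsigned long iters = 0;
    for (; entries--; pos += ENTRY_SIZE, iters++)
        if (is_meta(b, len, pos)) *meta_off = rd32(b, len, pos);
    return iters; /* work is chosen by the file's author, not bounded by its size */
}

/* Hardened: the count must fit in the bytes that remain. Returns entries or -1. */
long walk_checked(const uint8_t *b, size_t len, uint32_t *meta_off) {
    uint32_t entries = rd32(b, len, 4);
    size_t pos = rd32(b, len, 8);
    if (len < 12 || pos > len) return -1;
    if (entries == 0 || entries > (len - pos) / ENTRY_SIZE) return -1;
    for (uint32_t i = 0; i < entries; i++, pos += ENTRY_SIZE)
        if (is_meta(b, len, pos)) *meta_off = rd32(b, len, pos);
    return (long)entries;
}

/* Constructed 28-byte sample: 12-byte header, then one "META" entry. */
void make_sample(uint8_t buf[28], uint32_t count) {
    memset(buf, 0, 28);
    for (int i = 0; i < 4; i++) buf[4 + i] = (uint8_t)(count >> (8 * i));
    buf[8] = 12;    /* directory offset */
    buf[12] = 0x40; /* entry.offset */
    memcpy(buf + 20, "META", 4);
}

int main(void) {
    uint8_t f[28]; uint32_t m = 0;
    make_sample(f, 5000000u); /* count far larger than 28 bytes can hold */
    unsigned long n = walk_unchecked(f, sizeof f, &m);
    printf("unchecked: %lu iterations; checked: %ld\n", n, walk_checked(f, sizeof f, &m));
}
```

Bounding the count by the bytes remaining in the input ties the loop's cost to the file's actual size instead of to a field the file's author controls.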
Fixed in LibRaw-0.19.1
CVE-2018-5819 has been resolved in Red Hat Enterprise Linux 7 as part of advisory https://access.redhat.com/errata/RHBA-2019:2044 .