LibRaw is vulnerable to a denial of service, caused by a flaw in the parse_rollei function in internal/dcraw_common.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. References: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
Created LibRaw tracking bugs for this issue: Affects: epel-6 [bug 1661611] Affects: fedora-28 [bug 1661609] Created mingw-LibRaw tracking bugs for this issue: Affects: fedora-all [bug 1661610]
Upstream patch: https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
Function parse_rollei() does not check the return value of the fgets() function and it assumes a "DSC-Image" file always have the terminator tag "EOHD". When the file terminates before finding the "EOHD" tag, parse_rollei() keeps trying to read bytes from the file and it fails, but given no check is performed, it keeps looping forever.
Fixed in LibRaw-0.19.1