A flaw was found in libraw. Stack buffer overflow in LibRaw::identify_process_dng_fields in identify.cpp may lead to local denial of service or local arbitrary code execution from a user crafted file.
References:
https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
https://github.com/LibRaw/LibRaw/issues/330
Created LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1928796]
Created kf5-libkdcraw tracking bugs for this issue:
Affects: epel-8 [bug 1928801]
Affects: fedora-all [bug 1928800]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1928798]
Created rawtherapee tracking bugs for this issue:
Affects: fedora-all [bug 1928802]
Function LibRaw::identify_process_dng_fields() in src/metadata/identify.cpp was introduced to LibRaw in version 0.20.0 via commit [1]. However, the same vulnerable code (to be precise, part of it) was already present in internal/dcraw_common.cpp since 0.19.0 [2]. For this reason, I'd consider the version of LibRaw as shipped with RHEL-8 (0.19.5) to be potentially affected by this flaw. Note that the bug is not easily reproducible on RHEL.
[1] https://github.com/LibRaw/LibRaw/commit/d1975cb0e055d2bfe58c9d845c9a3e57c346a2f9
[2] https://github.com/LibRaw/LibRaw/commit/291039ba1f8c546b9100261f769f1cf6b70de7b5
Statement: LibRaw is not supposed to be used in RHEL by network-facing applications, thus reducing the impact of this flaw.
See https://bugzilla.redhat.com/show_bug.cgi?id=1853477#c2.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4381 https://access.redhat.com/errata/RHSA-2021:4381
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-24870