Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 https://github.com/LibRaw/LibRaw/issues/400
Created LibRaw tracking bugs for this issue: Affects: fedora-all [bug 2172133] Created digikam tracking bugs for this issue: Affects: epel-all [bug 2172134] Affects: fedora-all [bug 2172135] Created mingw-LibRaw tracking bugs for this issue: Affects: fedora-all [bug 2172136]
Here's an attempted backport for LibRaw 0.19.x: https://github.com/LibRaw/LibRaw/pull/611
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6343 https://access.redhat.com/errata/RHSA-2023:6343
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:0343 https://access.redhat.com/errata/RHSA-2024:0343
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2994 https://access.redhat.com/errata/RHSA-2024:2994