Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

References:
https://github.com/LibRaw/LibRaw/issues/269
https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a
Created LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2235273]

Created LibRaw-epel tracking bugs for this issue:
Affects: epel-all [bug 2235275]

Created digikam tracking bugs for this issue:
Affects: epel-all [bug 2235277]
Affects: fedora-all [bug 2235276]

Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2235274]
> https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a

This is a very old commit. There are a lot of changes after it:
https://github.com/LibRaw/LibRaw/commits/master/src/metadata/identify.cpp

digiKam uses LibRaw snapshot 2023-05-14. Is this bug really actual?
The buffer overflow vulnerability was fixed in version LibRaw 0.20-RC2. Currently all active branches are built at least with the same version:

Fedora 40  LibRaw-0.21.1-7.fc40
Fedora 39  LibRaw-0.21.1-5.fc39
Fedora 38  LibRaw-0.21.1-4.fc38
Fedora 37  LibRaw-0.20.2-8.fc37

This bug can be closed.