LibRaw 0.15.2 notes the following fix :
* Fixed possible double call to free() on error recovery on damaged full-color (Foveon, sRAW) files.
Successful exploitation could allow for the execution of arbitrary code with the privileges of the user running an application linked to LibRaw.
This has been fixed in LibRaw 0.15.2 .
Created LibRaw tracking bugs for this issue
Affects: fedora-all [bug 968387]
This seems to affect 0.15.x branch only, we ship only 0.14.x currently. Can you verify?
This has been assigned CVE-2013-2126 as per:
(In reply to Jon Ciesla from comment #2)
> This seems to affect 0.15.x branch only, we ship only 0.14.x currently. Can
> you verify?
No, it's just in a different place:
798 // allocate image as temporary buffer, size.
799 imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
800 imgdata.image = (ushort (*)) imgdata.rawdata.raw_alloc;
But I can't tell if that means it's still problematic or not, or where the second hunk would be applied (the patch doesn't really show where the two free()'s are, and I'm not able to look at it closer right now. I think that _maybe_ it affects 0.14.x -- I can't definitively say one way or the other.
Upstream indicated that 0.14.x is definitely affected:
"0.14.x (but not 0.13.x and prior) are affected by double free() on same pointer"
Upstream has kindly made this patch available for 0.14.x:
darktable also embeds 0.14.x so needs to be fixed.
Created darktable tracking bugs for this issue
Affects: fedora-all [bug 970710]
OpenGTL also embeds LibRaw, as does digikam. OpenGTL embeds 0.10.0 and digikam embeds 0.15.0. OpenGTL does not look affected (the code is quite different but doesn't seem to be problematic), but digikam will need to be updated also.
Created libkdcraw tracking bugs for this issue
Affects: fedora-all [bug 970713]
digikam built against system libkdcraw from KDE SC.
This issue affects the versions of the libkdcraw package, as shipped with Fedora release of 17, 18, and 19. Please schedule an update (use child bug listed in c#10 of this bug to schedule that one).
This issue did NOT affect the version of the libkdcraw package, as shipped with Fedora EPEL-5 (the embedded LibRaw library does not contain relevant vulnerable code part yet).
i'm working on the update for libkdcraw