LibRaw through version 0.18.9 is vulnerable to a stack-based buffer overflow in the libraw_cxx.cpp:utf2char() function. An attacker could exploit this to cause a crash or potentially execute arbitrary code.
Created LibRaw tracking bugs for this issue:
Affects: epel-6 [bug 1574321]
Affects: fedora-all [bug 1574322]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1574319]
This was fixed in LibRaw 0.19.0-Beta4 and 0.18.10.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):