A Heap-based buffer overflow was found in LibRaw::raw2image() function. A maliciously crafted file could cause the application to crash. Upstream issue: https://github.com/LibRaw/LibRaw/issues/195
Created LibRaw tracking bugs for this issue: Affects: epel-6 [bug 1663968] Affects: fedora-all [bug 1663965] Created mingw-LibRaw tracking bugs for this issue: Affects: fedora-all [bug 1663967]
Upstream patch: https://github.com/LibRaw/LibRaw/commit/9b5c50d5fdf6d1386a31f08ecdae3a752fe63d07
When opening Sinar raw images that enable filters, the image data are updated in the wrong way in libraw_cxx.cpp:open_datastream(), causing an heap-based buffer overflow in raw2image() function later on.
Should be fixed in LibRaw-0.19.3.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20365