A flaw was found in LibRaw. An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. This can be exploited by malicious people to cause a DoS (Denial of Service). References: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
Patch: https://github.com/LibRaw/LibRaw/commit/8260dcf3db045923a5ca5c05170f9bc7a4bd971 Note that there's a related follow-up patch: https://github.com/LibRaw/LibRaw/commit/70ce43d02602a7756937fadde3cab32d3ae3eef9
Statement: This issue affects the versions of LibRaw as shipped with Red Hat Enterprise Linux 7.
Also known as Secunia Advisory SA83050 ... (In reply to Stefan Cornelius from comment #3) > Patch: > https://github.com/LibRaw/LibRaw/commit/ > 8260dcf3db045923a5ca5c05170f9bc7a4bd971 This is already in LibRaw 0.19 Beta-5 and 0.18.11. > Note that there's a related follow-up patch: > https://github.com/LibRaw/LibRaw/commit/ > 70ce43d02602a7756937fadde3cab32d3ae3eef9 This one is only present in the 0.19-stable branch and hasn't seen a release yet.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-5813