LibRaw is vulnerable to a denial of service, caused by an error in the unpacked_load_raw function in internal/dcraw_common.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
Created LibRaw tracking bugs for this issue:
Affects: epel-6 [bug 1661615]
Affects: fedora-28 [bug 1661613]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1661614]
Function unpacked_load_raw() executes a simple loop "maximum" times, where "maximum" is a variable set during the identify() function. A crafted raw image may set it to a very high value, resulting in a very long time to parse the image.
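The comment above describes a loop bound taken straight from the file. The following is an added example, not LibRaw's code and not part of this bug report, showing a file-supplied bound being validated before anything loops on it. The 8-byte header layout, the 16-bit sample limit and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: samples are stored in 16-bit words, so "maximum" never needs more. */
#define SAMPLE_BITS_LIMIT 16u

/* Constructed 8-byte headers (hypothetical layout): bits per sample, maximum. */
static const uint8_t SAMPLE_OK[8]      = {0, 0, 0, 12, 0x00, 0x00, 0x0F, 0xFF};
static const uint8_t SAMPLE_CRAFTED[8] = {0, 0, 0, 12, 0xFF, 0xFF, 0xFF, 0xFF};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and fills *maximum if the header is plausible, -1 otherwise. */
int read_maximum(const uint8_t *buf, size_t len, uint32_t *maximum)
{
    uint32_t bits, max;
    if (len < 8)
        return -1;
    bits = be32(buf);
    max = be32(buf + 4);
    if (bits == 0 || bits > SAMPLE_BITS_LIMIT)
        return -1;
    /* The loop bound must fit in the declared sample width. */
    if (max == 0 || max > (1u << bits) - 1u)
        return -1;
    *maximum = max;
    return 0;
}

/* Stand-in for the decoder loop: returns iterations run, or -1 if rejected. */
long decode(const uint8_t *buf, size_t len)
{
    uint32_t maximum, i;
    long iterations = 0;
    if (read_maximum(buf, len, &maximum) != 0)
        return -1;               /* reject before any file-controlled looping */
    for (i = 0; i < maximum; i++)
        iterations++;            /* real per-iteration work would go here */
    return iterations;
}

int main(void)
{
    return (decode(SAMPLE_OK, 8) == 4095 && decode(SAMPLE_CRAFTED, 8) == -1) ? 0 : 1;
}
```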
This issue did not affect the versions of LibRaw as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.
Fixed in LibRaw-0.19.1
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):