LibRaw is vulnerable to a denial of service, caused by an error in the unpacked_load_raw function in internal/dcraw_common.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. References: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
Created LibRaw tracking bugs for this issue: Affects: epel-6 [bug 1661615] Affects: fedora-28 [bug 1661613] Created mingw-LibRaw tracking bugs for this issue: Affects: fedora-all [bug 1661614]
Upstream patch: https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
Function unpacked_load_raw() execute "maximum"-times a simple loop, where "maximum" is variable set during the identify() function. A crafted raw image may set it to a very high value, resulting in a very long time to parse the image.
Statement: This issue did not affect the versions of LibRaw as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.
Fixed in LibRaw-0.19.1
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-5817