LibRaw is vulnerable to a denial of service, caused by a flaw in the parse_sinar_ia function in internal/dcraw_common.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Created LibRaw tracking bugs for this issue:
Affects: epel-6 [bug 1661607]
Affects: fedora-28 [bug 1661605]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1661606]
Function parse_sinar_ia() executes a loop X times, where X is read from the file and is not properly checked. By providing a very large number (or a negative one) it is possible to execute the loop many times and waste resources.
Fixed in LibRaw-0.19.1
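The unchecked loop count described above, next to one way to bound it, as an added example that is not LibRaw's code and not the fix shipped in 0.19.1. The record layout, function names and sample buffers are constructed for illustration, and the bound used here (declared count versus bytes actually present) is an assumption about a reasonable check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define REC_SIZE 12u /* constructed record size, not LibRaw's real layout */

/* Constructed inputs: 4-byte little-endian count, then 12-byte records. */
const uint8_t sample_ok[] = { 2,0,0,0,
    1,0,0,0, 0,0,0,0, 0,0,0,0,
    2,0,0,0, 0,0,0,0, 0,0,0,0 };
const uint8_t sample_bad[] = { 0xFF,0xFF,0xFF,0xFF, /* count written as -1 */
    1,0,0,0, 0,0,0,0, 0,0,0,0 };

/* Little-endian 32-bit read; caller guarantees 4 readable bytes. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Iterations a `while (entries--)` loop would run if it trusted the header. */
uint64_t unchecked_iterations(const uint8_t *buf, size_t len) {
    return len < 4 ? 0 : rd32(buf);
}

/* Hardened walk: rejects a declared count the buffer cannot hold.
   Returns the number of records processed, or -1 when rejected. */
long parse_records_checked(const uint8_t *buf, size_t len, uint32_t *sum) {
    if (len < 4) return -1;
    uint32_t entries = rd32(buf);
    if (entries > (len - 4) / REC_SIZE) return -1; /* count exceeds data */
    *sum = 0;
    for (uint32_t i = 0; i < entries; i++)
        *sum += rd32(buf + 4 + (size_t)i * REC_SIZE);
    return (long)entries;
}

int main(void) {
    uint32_t sum = 0;
    printf("bad header, unchecked loop: %llu iterations\n",
           (unsigned long long)unchecked_iterations(sample_bad, sizeof sample_bad));
    printf("bad header, checked: %ld\n",
           parse_records_checked(sample_bad, sizeof sample_bad, &sum));
    long n = parse_records_checked(sample_ok, sizeof sample_ok, &sum);
    printf("good header, checked: %ld records, sum %u\n", n, (unsigned)sum);
    return 0;
}
```

Tying the count to the data actually present caps the work at what the file size allows, and reading the count as unsigned keeps a negative value from bypassing the comparison.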