A heap-buffer-overflow exists when using the function raw2image_ex(int).
Created LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2188274]
Created digikam tracking bugs for this issue:
Affects: epel-all [bug 2188276]
Affects: fedora-all [bug 2188275]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2188277]
I need access to 2175642 if I am to patch LibRaw for Fedora.
Hi, could you please provide more information on this CVE? Like a patch or the fixed version? Thanks!
(In reply to bugzilla_throwaway from comment #4)
> Hi, could you please provide more information on this CVE? Like a patch or
> the fixed version? Thanks!
Yeah, I can't fix this for RHEL without a reference to a patch or an issue. I don't see any relevant commits in 2023 to the upstream 0.21-stable branch:
The external reference to the issue on https://access.redhat.com/security/cve/CVE-2023-1729 is https://github.com/LibRaw/LibRaw/issues/557
Should I apply the fix https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 to digiKam?
I found fix for LibRaw issue
is applied in digiKam 8.0.0 sources
So bug 2188275 can be closed with digiKam update to 8.0.0?
(In reply to nucleo from comment #7)
> I found fix for LibRaw issue
> is applied in digiKam 8.0.0 sources
> So bug 2188275 can be closed with digiKam update to 8.0.0?
Thank you, I'll get a LibRaw update out ASAP.
LibRaw backport for 0.21.x: