There exists a heap-buffer-overflow when using the function raw2image_ex(int).
Created LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2188274]
Created digikam tracking bugs for this issue:
Affects: epel-all [bug 2188276]
Affects: fedora-all [bug 2188275]
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 2188277]
I need access to 2175642 if I am to patch LibRaw for Fedora.
Hi, could you please provide more information on this CVE? Like a patch or the fixed version? Thanks!
(In reply to bugzilla_throwaway from comment #4)
> Hi, could you please provide more information on this CVE? Like a patch or
> the fixed version? Thanks!
Yeah, I can't fix this for RHEL without a reference to a patch or an issue. I don't see any relevant commits in 2023 to the upstream 0.21-stable branch: https://github.com/LibRaw/LibRaw/tree/0.21-stable
The external reference to the issue on https://access.redhat.com/security/cve/CVE-2023-1729 is https://github.com/LibRaw/LibRaw/issues/557
Should I apply the fix https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 to digiKam?
I found that the fix for the LibRaw issue
https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
is applied in the digiKam 8.0.0 sources
https://invent.kde.org/graphics/digikam/-/commit/7ba146e67f3417f325e60343de4a9bc88e81f29b
So bug 2188275 can be closed with the digiKam update to 8.0.0?
(In reply to nucleo from comment #7)
> I found fix for LibRaw issue
> https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
> is applied in digiKam 8.0.0 sources
> https://invent.kde.org/graphics/digikam/-/commit/7ba146e67f3417f325e60343de4a9bc88e81f29b
>
> So bug 2188275 can be closed with digiKam update to 8.0.0?
Thank you, I'll get a LibRaw update out ASAP.
LibRaw backport for 0.21.x: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828