Debian 10026 Published by

A libraw security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple memory access violations.



ELA-744-1 libraw security update

Package : libraw
Version : 0.16.0-9+deb8u5 (jessie)

Related CVEs :
CVE-2017-13735
CVE-2017-14265
CVE-2017-14608
CVE-2017-16909
CVE-2017-16910
CVE-2018-5804
CVE-2018-5805
CVE-2018-5806
CVE-2018-5813
CVE-2018-10528
CVE-2018-10529
CVE-2020-35530
CVE-2020-35531
CVE-2020-35532
CVE-2020-35533

This update fixes multiple memory access violations.

CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw
function in dcraw_common.cpp. It will lead to a remote denial of
service attack.

CVE-2017-14265
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in
internal/dcraw_common.cpp. It could allow a remote denial of service
or code execution attack.

CVE-2017-14608
An out of bounds read flaw related to kodak_65000_load_raw has been
reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker
could possibly exploit this flaw to disclose potentially sensitive
memory or cause an application crash.

CVE-2017-16909
An error related to the "LibRaw::panasonic_load_raw()" function
(dcraw_common.cpp) can be exploited to cause a heap-based buffer
overflow and subsequently cause a crash via a specially crafted TIFF
image.

CVE-2017-16910
An error within the "LibRaw::xtrans_interpolate()" function
(internal/dcraw_common.cpp) can be exploited to cause an invalid read
memory access and subsequently a Denial of Service condition.

CVE-2018-10528
There is a stack-based buffer overflow in the utf2char function in
libraw_cxx.cpp.

CVE-2018-10529
There is an out-of-bounds read affecting the X3F property table list
implementation in libraw_x3f.cpp and libraw_cxx.cpp.

CVE-2018-5804
A type confusion error within the "identify()" function
(internal/dcraw_common.cpp) can be exploited to trigger a division by
zero.

CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function
(internal/dcraw_common.cpp) can be exploited to cause a stack-based
buffer overflow and subsequently cause a crash.

CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function
(internal/dcraw_common.cpp) can be exploited to trigger a NULL pointer
dereference.

CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) can be
exploited to trigger an infinite loop via a specially crafted file.

CVE-2020-35530
There is an out-of-bounds write vulnerability within the "new_node()"
function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered
via a crafted X3F file.

CVE-2020-35531
An out-of-bounds read vulnerability exists within the get_huffman_diff()
function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from
an image file.

CVE-2020-35532
An out-of-bounds read vulnerability exists within the
"simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp)
which can be triggered via an image with a large row_stride field.

CVE-2020-35533
An out-of-bounds read vulnerability exists within the
"LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp)
when reading data from the image file.

  ELA-744-1 libraw security update