Source: libraw Version: 0.19.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/LibRaw/LibRaw/issues/192
Hi, The following vulnerability was published for libraw. The issue is still present in 0.19.1-1 (note there was first some confusion on the affected version as reported by the reporter). But current sid (0.19.1-1): ==11669== Memcheck, a memory error detector ==11669== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==11669== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==11669== Command: /usr/lib/libraw/raw-identify LibRaw_crashes_1 ==11669== *** buffer overflow detected ***: /usr/lib/libraw/raw-identify terminated ==11669== ==11669== Process terminating with default action of signal 6 (SIGABRT) ==11669== at 0x4B0F85B: raise (raise.c:51) ==11669== by 0x4AFA534: abort (abort.c:79) ==11669== by 0x4B51717: __libc_message (libc_fatal.c:181) ==11669== by 0x4BE2BBC: __fortify_fail_abort (fortify_fail.c:33) ==11669== by 0x4BE2BF0: __fortify_fail (fortify_fail.c:44) ==11669== by 0x4BE0CEF: __chk_fail (chk_fail.c:28) ==11669== by 0x4BE02A8: __strncpy_chk (strncpy_chk.c:26) ==11669== by 0x489F786: strncpy (string_fortified.h:106) ==11669== by 0x489F786: LibRaw::parse_makernote(int, int) (dcraw_common.cpp:10349) ==11669== by 0x48A5FD9: LibRaw::parse_exif(int) (dcraw_common.cpp:11857) ==11669== by 0x48980F6: LibRaw::parse_tiff_ifd(int) (dcraw_common.cpp:13262) ==11669== by 0x48A60D5: parse_tiff (dcraw_common.cpp:14080) ==11669== by 0x48A60D5: LibRaw::parse_tiff(int) (dcraw_common.cpp:14069) ==11669== by 0x48AA86F: LibRaw::identify() (dcraw_common.cpp:17781) ==11669== ==11669== HEAP SUMMARY: ==11669== in use at exit: 296,417 bytes in 8 blocks ==11669== total heap usage: 10 allocs, 2 frees, 401,937 bytes allocated ==11669== ==11669== LEAK SUMMARY: ==11669== definitely lost: 0 bytes in 0 blocks ==11669== indirectly lost: 0 bytes in 0 blocks ==11669== possibly lost: 0 bytes in 0 blocks ==11669== still reachable: 296,417 bytes in 8 blocks ==11669== suppressed: 0 bytes in 0 blocks ==11669== Rerun with --leak-check=full to see details of leaked memory ==11669== ==11669== For counts of detected and suppressed errors, rerun with: -v ==11669== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Aborted CVE-2018-20337[0]: | There is a stack-based buffer overflow in the parse_makernote function | of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a | denial of service or possibly unspecified other impact. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20337 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337 [1] https://github.com/LibRaw/LibRaw/issues/192 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
