Bug 1084688 (CVE-2018-5802)

Summary: VUL-1: CVE-2018-5802 libraw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: meissner, pgajdos, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/201484/
Whiteboard: CVSSv3:RedHat:CVE-2018-5802:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv3:SUSE:CVE-2018-5802:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv2:NVD:CVE-2018-5802:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2018-5802:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Karol Babioch 2018-03-09 13:26:30 UTC
rh#1553335

An   error   within   the   "kodak_radc_load_raw()"   function
(internal/dcraw_common.cpp) related to the "buf" variable can be
exploited to  cause  an out-of-bounds read memory access  and
subsequently cause a crash.

References:

https://packetstormsecurity.com/files/146172/secunia-libraw.txt

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1553335
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5802
Comment 1 Petr Gajdos 2018-03-10 14:07:17 UTC
No testcase found.
Comment 2 Petr Gajdos 2018-03-12 11:00:15 UTC
This seems to be SA#79000, or so it is referenced in git commit change log at least. Upstream fixes this SA as a whole, I will fix it so as well.

https://github.com/LibRaw/LibRaw/commit/4cb60a6c8f1ec54e51e805d94213f4d49d6118f6

I will exclude dcraw.c, see bug 1060163 comment 6.

I will also include fix for SA#81000.

Affected: 42.3/libraw, 12/libraw
Comment 3 Petr Gajdos 2018-03-12 11:00:53 UTC
Packages submitted, I believe all fixed.
Comment 5 Swamp Workflow Management 2018-03-12 11:40:11 UTC
This is an autogenerated message for OBS integration:
This bug (1084688) was mentioned in
https://build.opensuse.org/request/show/585853 42.3 / libraw
Comment 6 Swamp Workflow Management 2018-03-18 14:07:04 UTC
openSUSE-SU-2018:0731-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1084688,1084690,1084691
CVE References: CVE-2018-5800,CVE-2018-5801,CVE-2018-5802
Sources used:
openSUSE Leap 42.3 (src):    libraw-0.17.1-17.1
Comment 8 Swamp Workflow Management 2018-10-23 19:14:08 UTC
SUSE-SU-2018:3343-1: An update that fixes 5 vulnerabilities is now available.

Category: security (low)
Bug References: 1084688,1084690,1084691,1103200,1103353
CVE References: CVE-2018-5800,CVE-2018-5801,CVE-2018-5802,CVE-2018-5810,CVE-2018-5813
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    libraw-0.15.4-21.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libraw-0.15.4-21.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libraw-0.15.4-21.1
Comment 9 Marcus Meissner 2019-04-05 15:35:50 UTC
released