Bugzilla – Bug 1103359
VUL-1: CVE-2018-5811: libraw: out-of-bounds read in nikon_coolscan_load_raw
Last modified: 2018-10-02 17:14:12 UTC
rh#1610483 A flaw was found in LibRaw versions before 0.18.9. An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. Leap 42.3 affected References: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ https://bugzilla.redhat.com/show_bug.cgi?id=1610483 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5811
The fix is part of https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
15/libraw is 0.18.9. 12/libraw does not have nikon_coolscan_load_raw() code in dcraw_common.cpp. Will submit for 42.3/libraw.
I believe all fixed.
This is an autogenerated message for OBS integration: This bug (1103359) was mentioned in https://build.opensuse.org/request/show/626901 42.3 / libraw
done
openSUSE-SU-2018:2286-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1103200,1103206,1103353,1103359,1103360,1103361 CVE References: CVE-2018-5807,CVE-2018-5810,CVE-2018-5811,CVE-2018-5812,CVE-2018-5813,CVE-2018-5815 Sources used: openSUSE Leap 42.3 (src): libraw-0.17.1-23.1