Bugzilla – Bug 1103361
VUL-1: CVE-2018-5807: libraw: out-of-bounds read in samsung_load_raw
Last modified: 2018-12-14 07:43:05 UTC
rh#1610469 A flaw was found in LibRaw versions before 0.18.9. An error within the samsung_load_raw() function (internal/dcraw_common.cpp) can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. SUSE:SLE-12:Update affected References: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ https://bugzilla.redhat.com/show_bug.cgi?id=1610469 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5807
15/libraw is 0.18.9. 12/libraw does not have samsung_load_raw() code in dcraw_common.cpp. Will submit for 42.3/libraw.
Fix is part of https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
I believe all fixed.
This is an autogenerated message for OBS integration: This bug (1103361) was mentioned in https://build.opensuse.org/request/show/626901 42.3 / libraw
openSUSE-SU-2018:2286-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1103200,1103206,1103353,1103359,1103360,1103361 CVE References: CVE-2018-5807,CVE-2018-5810,CVE-2018-5811,CVE-2018-5812,CVE-2018-5813,CVE-2018-5815 Sources used: openSUSE Leap 42.3 (src): libraw-0.17.1-23.1
Update has been released for 42.3, which was the only affected codestream. Updated our tracking, closing the bug.