Bugzilla – Bug 837750
VUL-1: CVE-2013-1438 CVE-2013-1439: libraw: multiple denial of service flaws
Last modified: 2021-05-31 16:42:18 UTC
Specially crafted images could cause Denial of Service issues (looks like CPU
consumption rather than crash).
I think the following CVE were assigned:
* CVE-2013-1438, and
bugbot adjusting priority
Do we really need to release a maintenance update for this:
> looks like CPU consumption rather than crash
The patches are rather big. I would definitely not change the CFLAGS and similar stuff which were commented out in the patch.
I could add the
parts, but I won't be able to test this.
It also is not clear in which product this is needed (SLE11 SP3?).
We always fix all maintained and affected products.
no need for immediate action, we have it only on the planned updates list for collective updates later
(is this really for Thomas who does libraw1394 , a firewire lirbary?
or more for Petr Gajdos, who does libraw? ;)
I am closing this bug now.
It's more than a year old, rated low and probably fixed mainline for quite a while.