First Last Prev Next    This bug is not in your last search results.
Bug 1060163 - (CVE-2017-14265) VUL-0: CVE-2017-14265: libraw: Stack based buffer overflow in the xtrans_interpolate function
(CVE-2017-14265)
VUL-0: CVE-2017-14265: libraw: Stack based buffer overflow in the xtrans_inte...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/191731/
CVSSv2:NVD:CVE-2017-14265:7.5:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-09-25 07:20 UTC by Victor Pereira
Modified: 2022-04-13 10:32 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2017-09-25 07:20:05 UTC 
rh#1494405

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in
internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote
denial of service or code execution attack.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1494405
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14265
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14265.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265
https://github.com/LibRaw/LibRaw/issues/99
Comment 1 Petr Gajdos 2017-09-25 09:11:18 UTC 
This is fixed with libraw 0.18.4 version update in Tumbleweed.
Comment 2 Petr Gajdos 2017-09-25 13:17:36 UTC 
I do not see crash or valgrind errors with the testcase from the upstream bug.

I get just:

$ simple_dcraw crash-xtrans_interpolate-stack-overflow
Cannot open_file crash-xtrans_interpolate-stack-overflow: Unsupported file format or not RAW file
$
Comment 3 Petr Gajdos 2017-09-25 13:39:20 UTC 
1xtrans-cfa-range.txt from the upstream bug points to part of

https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60#diff-f29c1da0e3b6207b99ae3e301dcb547a
Comment 4 Bernhard Wiedemann 2017-09-25 16:00:43 UTC 
This is an autogenerated message for OBS integration:
This bug (1060163) was mentioned in
https://build.opensuse.org/request/show/528660 42.2 / libraw
https://build.opensuse.org/request/show/528661 42.3 / libraw
Comment 5 Petr Gajdos 2017-09-26 07:20:34 UTC 
Packages submitted to 42.2 and 42.3.
Comment 6 Petr Gajdos 2017-09-26 11:49:36 UTC 
12/libraw is not affected, xtrans_interpolate contains just dcraw.c, which does not compile.
Comment 7 Bernhard Wiedemann 2017-09-26 14:01:22 UTC 
This is an autogenerated message for OBS integration:
This bug (1060163) was mentioned in
https://build.opensuse.org/request/show/528790 42.2 / libraw
https://build.opensuse.org/request/show/528791 42.3 / libraw
Comment 8 Victor Pereira 2017-09-27 09:30:27 UTC 
@Petr thank you for your feedback.
Comment 9 Swamp Workflow Management 2017-10-03 22:11:29 UTC 
openSUSE-SU-2017:2638-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1060163,1060321
CVE References: CVE-2017-13735,CVE-2017-14265
Sources used:
openSUSE Leap 42.3 (src):    libraw-0.17.1-11.1
openSUSE Leap 42.2 (src):    libraw-0.17.1-2.11.1
Comment 10 Marcus Meissner 2017-12-14 14:08:49 UTC 
is the dcraw package affected?
Comment 11 Petr Gajdos 2017-12-15 08:58:40 UTC 
Fridrich is maintainer of dcraw package.
Comment 12 Fridrich Strba 2022-04-13 10:32:12 UTC 
I don't see any crash with current dcraw version. I run it in valgrind to see whether it still tries to read over buffer, but not.
So closing this one
First Last Prev Next    This bug is not in your last search results.