Bug 1118894 - (CVE-2018-5808) VUL-0: CVE-2018-5808: libraw: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/220497/
CVSSv3:SUSE:CVE-2018-5808:5.3:(AV:L/A...
Reported: 2018-12-10 06:57 UTC by Marcus Meissner
Modified: 2019-07-19 06:43 UTC
Found By: Security Response Team
Description Marcus Meissner 2018-12-10 06:57:22 UTC
CVE-2018-5808

An error within the "find_green()" function (internal/dcraw_common.cpp) in
LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer
overflow and subsequently execute arbitrary code.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
Comment 1 Petr Gajdos 2018-12-11 12:34:17 UTC
I believe this is Secunia 81800#2: find_green, see bug 1118891.
Comment 2 Petr Gajdos 2018-12-11 12:55:46 UTC
15, TW: libraw >= 0.18.9, not affected

12:

Secunia 81800#1: samsung_load_raw               code not found
Secunia 81800#2: find_green                     code change fits
Secunia 81800#3: rollei_load_raw                libraw-CVE-2018-5810.patch
remove_trailing_spaces: isspace() does not work right with signed non-latin chars      code not found
Secunia 81800#5/6: nikon_coolscan_load_raw      code not found
Secunia 81800#4: rollei_load_raw                libraw-CVE-2018-5810.patch

sony_arw2_load_raw                              code change fits
parse_exif                                      code not found

So I will add Secunia 81800#2 and sony_arw2_load_raw change as libraw-CVE-2018-5808.patch
Comment 3 Petr Gajdos 2018-12-11 13:00:16 UTC
Packages submitted for: 12/libraw

I believe all fixed.
Comment 5 Petr Gajdos 2018-12-19 11:40:42 UTC
Fix for 42.3 was missing, will submit.
Comment 7 Swamp Workflow Management 2018-12-19 13:40:18 UTC
This is an autogenerated message for OBS integration:
This bug (1118894) was mentioned in
https://build.opensuse.org/request/show/660000 42.3 / libraw
Comment 8 Swamp Workflow Management 2018-12-28 23:16:29 UTC
openSUSE-SU-2018:4299-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097973,1097974,1097975,1118894
CVE References: CVE-2018-5804,CVE-2018-5805,CVE-2018-5806,CVE-2018-5808,CVE-2018-5816
Sources used:
openSUSE Leap 42.3 (src):    libraw-0.17.1-26.1
Comment 9 Swamp Workflow Management 2019-01-02 19:07:00 UTC
SUSE-SU-2019:0002-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097973,1097974,1118894
CVE References: CVE-2018-5805,CVE-2018-5806,CVE-2018-5808
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    libraw-0.15.4-27.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libraw-0.15.4-27.1
Comment 10 Marcus Meissner 2019-07-19 06:43:37 UTC
done