[SECURITY] [DLA 3433-1] libraw security update

2023-05-2701:56:36

lists.debian.org

libraw update

buffer overflow

cve-2023-1729

cve-2021-32142

debian lts

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

Debian LTS Advisory DLA-3433-1 [email protected]
https://www.debian.org/lts/security/ Guilhem Moulin
May 27, 2023 https://wiki.debian.org/LTS

Package : libraw
Version : 0.19.2-2+deb10u3
CVE ID : CVE-2021-32142 CVE-2023-1729
Debian Bug : 1031790 1036281

Buffer Overflow vulnerabilities were found in libraw, a raw image
decoder library, which could lead to application crash or privilege
escalation.

CVE-2021-32142

A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
gets(char*, int), which could lead to privilege escalation or
application crash.

CVE-2023-1729

A heap-buffer-overflow was found in raw2image_ex(int), which may
lead to application crash by maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version
0.19.2-2+deb10u3.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libraw

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian11ppc64ellibraw20< 0.20.2-1+deb11u1libraw20_0.20.2-1+deb11u1_ppc64el.deb
Debian11s390xlibraw-dev< 0.20.2-1+deb11u1libraw-dev_0.20.2-1+deb11u1_s390x.deb
Debian11ppc64ellibraw-bin< 0.20.2-1+deb11u1libraw-bin_0.20.2-1+deb11u1_ppc64el.deb
Debian11mipsellibraw-dev< 0.20.2-1+deb11u1libraw-dev_0.20.2-1+deb11u1_mipsel.deb
Debian11arm64libraw-bin-dbgsym< 0.20.2-1+deb11u1libraw-bin-dbgsym_0.20.2-1+deb11u1_arm64.deb
Debian11s390xlibraw-bin-dbgsym< 0.20.2-1+deb11u1libraw-bin-dbgsym_0.20.2-1+deb11u1_s390x.deb
Debian11arm64libraw-dev< 0.20.2-1+deb11u1libraw-dev_0.20.2-1+deb11u1_arm64.deb
Debian11armellibraw20-dbgsym< 0.20.2-1+deb11u1libraw20-dbgsym_0.20.2-1+deb11u1_armel.deb
Debian11mips64ellibraw20< 0.20.2-1+deb11u1libraw20_0.20.2-1+deb11u1_mips64el.deb
Debian11amd64libraw-dev< 0.20.2-1+deb11u1libraw-dev_0.20.2-1+deb11u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	ppc64el	libraw20	< 0.20.2-1+deb11u1	libraw20_0.20.2-1+deb11u1_ppc64el.deb
Debian	11	s390x	libraw-dev	< 0.20.2-1+deb11u1	libraw-dev_0.20.2-1+deb11u1_s390x.deb
Debian	11	ppc64el	libraw-bin	< 0.20.2-1+deb11u1	libraw-bin_0.20.2-1+deb11u1_ppc64el.deb
Debian	11	mipsel	libraw-dev	< 0.20.2-1+deb11u1	libraw-dev_0.20.2-1+deb11u1_mipsel.deb
Debian	11	arm64	libraw-bin-dbgsym	< 0.20.2-1+deb11u1	libraw-bin-dbgsym_0.20.2-1+deb11u1_arm64.deb
Debian	11	s390x	libraw-bin-dbgsym	< 0.20.2-1+deb11u1	libraw-bin-dbgsym_0.20.2-1+deb11u1_s390x.deb
Debian	11	arm64	libraw-dev	< 0.20.2-1+deb11u1	libraw-dev_0.20.2-1+deb11u1_arm64.deb
Debian	11	armel	libraw20-dbgsym	< 0.20.2-1+deb11u1	libraw20-dbgsym_0.20.2-1+deb11u1_armel.deb
Debian	11	mips64el	libraw20	< 0.20.2-1+deb11u1	libraw20_0.20.2-1+deb11u1_mips64el.deb
Debian	11	amd64	libraw-dev	< 0.20.2-1+deb11u1	libraw-dev_0.20.2-1+deb11u1_amd64.deb