libraw.so is vulnerable to denial of service (DoS) attacks. The library contains an off-by-one error in the LibRaw::kodak_ycbcr_load_raw() function of dcraw_common.cpp. A malicious user can pass an image file to the application to trigger a heap-based buffer overflow, crashing the application.
www.securityfocus.com/bid/104663
access.redhat.com/errata/RHSA-2018:3065
bugzilla.redhat.com/show_bug.cgi?id=1553332
github.com/LibRaw/LibRaw/blob/master/Changelog.txt
github.com/LibRaw/LibRaw/commit/8682ad204392b91
github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
lists.debian.org/debian-lts-announce/2019/03/msg00036.html
secuniaresearch.flexerasoftware.com/advisories/79000/
secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
usn.ubuntu.com/3615-1/