Exploit for linux platform in category dos / poc
LibRaw 0.18.7 Denial Of Service Vulnerability
======================================================================
1) Affected Software
* LibRaw versions prior to 0.18.7.
======================================================================
2) Severity
Rating: Moderately critical
Impact: Denial of Service
Where: From remote
======================================================================
3) Description of Vulnerabilities
Secunia Research has discovered multiple vulnerabilities in LibRaw,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
1) An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()"
function (internal/dcraw_common.cpp) can be exploited to cause a heap-
based buffer overflow and subsequently cause a crash.
2) An error within the "LibRaw::unpack()" function
(src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer
dereference.
3) An error within the "kodak_radc_load_raw()" function
(internal/dcraw_common.cpp) related to the "buf" variable can be
exploited to cause an out-of-bounds read memory access and
subsequently cause a crash.
Successful exploitation of this vulnerability requires the library to
be compiled with the "-O0" compilation flag.
The vulnerabilities are confirmed in version 0.18.6 and reported in
versions prior to 0.18.7.
======================================================================
4) Solution
Update to version 0.18.7.
======================================================================
5) Time Table
2018/01/16 - Maintainer contacted with the vulnerability details.
2018/01/19 - Maintainer confirmed the vulnerabilities.
2018/01/19 - Maintainer released a fix.
2018/01/25 - Release of Secunia Advisory SA79000.
2018/01/29 - Public disclosure of Secunia Research Advisory.
======================================================================
6) Credits
Laurent Delosieres, Secunia Research at Flexera Software.
======================================================================
7) References
The Flexera Software CNA has assigned the CVE-2018-5800,
CVE-2018-5801, and CVE-2018-5802 identifiers for the vulnerabilities
through the Common Vulnerabilities and Exposures (CVE) project.
# 0day.today [2018-03-13] #