Overview
Security update for libraw

This update for libraw fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-5804: Fixed a type confusion error within the identify function that
could trigger a division by zero, leading to a denial of service (Dos).
(boo#1097975)
- CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw
function that could cause a stack-based buffer overflow and subsequently
trigger a crash. (boo#1097973)
- CVE-2018-5806: Fixed an error within the leaf_hdr_load_raw function that
could trigger a NULL pointer deference, leading to a denial of service (DoS).
(boo#1097974)
- CVE-2018-5808: Fixed an error within the find_green function that could
cause a stack-based buffer overflow and subsequently execute arbitrary code.
(boo#1118894)
- CVE-2018-5816: Fixed a type confusion error within the identify function that
could trigger a division by zero, leading to a denial of service (DoS).
(boo#1097975)

Fixed bugs
bnc#1097974
VUL-0: CVE-2018-5806: libraw,dcraw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp
bnc#1097975
VUL-0: CVE-2018-5804: libraw,dcraw: type confusion error in identify() function in internal/dcraw_common.cpp
bnc#1097973
VUL-0: CVE-2018-5805: libraw,dcraw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
bnc#1118894
VUL-0: CVE-2018-5808: libraw: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5804
CVE-2018-5805
CVE-2018-5806
CVE-2018-5808
CVE-2018-5816
Selected Binaries
openSUSE Build Service is sponsored by
Places