Security update for libraw
This update for libraw fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-5813: Fixed an error within the "parse_minolta()" function
(dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a
specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
- CVE-2018-5815: Fixed an integer overflow in the
internal/dcraw_common.cpp:parse_qt() function, that could be exploited to
cause an infinite loop via a specially crafted Apple QuickTime file.
(boo#1103206)
- CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1103206
VUL-1: CVE-2018-5815: libraw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service
bnc#1097975
VUL-0: CVE-2018-5804: libraw,dcraw: type confusion error in identify() function in internal/dcraw_common.cpp
bnc#1103200
VUL-1: CVE-2018-5813: libRaw: infinite loop in the parse_minolta function in dcraw/dcraw.c
