File _patchinfo of Package patchinfo.5734
<patchinfo incident="5734">
<issue id="1060321" tracker="bnc">VUL-1: CVE-2017-13735: libraw: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.</issue>
<issue id="1063798" tracker="bnc">VUL-0: libraw: CVE-2017-14608 libraw: Out-of-bounds read in the kodak_65000_load_raw function</issue>
<issue id="1072385" tracker="bnc">VUL-0: CVE-2017-16909: libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function</issue>
<issue id="2017-13735" tracker="cve" />
<issue id="2017-14608" tracker="cve" />
<issue id="2017-16909" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>pgajdos</packager>
<description>This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2017-13735: A floating point exception in kodak_radc_load_raw could be used by attackers to crash an application that uses libraw (bsc#1060321)
- CVE-2017-14608: An out-of-bounds read in the kodak_65000_load_raw function could be used to crash the libraw library or leak information from it (bsc#1063798)
- CVE-2017-16909: A heap-buffer overflow in the LibRaw::panasonic_load_raw() function was fixed (bsc#1072385)
</description>
<summary>Security update for libraw</summary>
</patchinfo>