Overview

File _patchinfo of Package patchinfo.618

<patchinfo incident="618">
  <issue id="1039209" tracker="bnc">VUL-1: CVE-2017-6890: libraw:  boundary error within the "foveon_load_camf()" function (dcraw_foveon.c)</issue>
  <issue id="957517" tracker="bnc">VUL-1:  CVE-2015-8367: libraw: Memory objects are not intialized properly</issue>
  <issue id="1039379" tracker="bnc">VUL-1: CVE-2017-6887: libraw: memory corruption via e.g. a specially crafted KDC file (parse_tiff_ifd() func internal/dcraw_common.cpp)</issue>
  <issue id="1039210" tracker="bnc">VUL-1: CVE-2017-6889: libraw:  integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c)</issue>
  <issue id="930683" tracker="bnc">VUL-1: CVE-2015-3885: dcraw,libraw,ufraw,netpbm: input sanitization errors</issue>
  <issue id="1039380" tracker="bnc">VUL-1: CVE-2017-6886: libraw: memory corruption in parse_tiff_ifd() func (internal/dcraw_common.cpp)</issue>
  <issue id="2015-3885" tracker="cve" />
  <issue id="2015-8367" tracker="cve" />
  <issue id="2017-6886" tracker="cve" />
  <issue id="2017-6887" tracker="cve" />
  <issue id="2017-6890" tracker="cve" />
  <issue id="2017-6899" tracker="cve" />
  <issue id="2017-6889" tracker="cve" />


  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for libraw fixes the following issues:

- CVE-2015-3885: A specially crafted raw image file could have caused a Denial of Service
  through an integer overflow. (bsc#930683)

- CVE-2015-8367: The function phase_one_correct() did not handle memory object initialization
  correctly, which may have caused some other problems. (bsc#957517)

- CVE-2017-6886: memory corruption in parse_tiff_ifd() func (internal/dcraw_common.cpp) could lead to Denial of service (bsc#1039380)

- CVE-2017-6889: integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) could lead to Denial of service (bsc#1039210)

- CVE-2017-6890: boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) (bsc#1039209)

</description>
  <summary>Security update for libraw</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places