File _patchinfo of Package patchinfo.8177
<patchinfo incident="8177">
<issue tracker="bnc" id="1103206">VUL-1: CVE-2018-5815: libraw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service</issue>
<issue tracker="bnc" id="1097975">VUL-0: CVE-2018-5804: libraw,dcraw: type confusion error in identify() function in internal/dcraw_common.cpp</issue>
<issue tracker="bnc" id="1103200">VUL-1: CVE-2018-5813: libRaw: infinite loop in the parse_minolta function in dcraw/dcraw.c</issue>
<issue tracker="cve" id="2018-5804"/>
<issue tracker="cve" id="2018-5816"/>
<issue tracker="cve" id="2018-5813"/>
<issue tracker="cve" id="2018-5815"/>
<category>security</category>
<rating>moderate</rating>
<packager>pgajdos</packager>
<description>This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2018-5813: Fixed an error within the "parse_minolta()" function
(dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a
specially crafted file. This could be exploited to cause a DoS (boo#1103200).
- CVE-2018-5815: Fixed an integer overflow in the
internal/dcraw_common.cpp:parse_qt() function that could be exploited to
cause an infinite loop via a specially crafted Apple QuickTime file
(boo#1103206).
- CVE-2018-5804, CVE-2018-5816: Fixed a type confusion error in the identify() function (bsc#1097975).
</description>
<summary>Security update for libraw</summary>
</patchinfo>