Overview

File _patchinfo of Package patchinfo.9911

<patchinfo incident="9911">
  <issue tracker="bnc" id="1120498">VUL-1: CVE-2018-20363: libraw: LibRaw:raw2image in libraw_cxx.cpp has a NULL pointer dereference</issue>
  <issue tracker="bnc" id="1120499">VUL-1: CVE-2018-20364: libraw: LibRaw:copy_bayer in libraw_cxx.cpp has a NULL pointer dereference</issue>
  <issue tracker="bnc" id="1120515">VUL-1: CVE-2018-5817: libraw: DoS in unpacked_load_raw function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1120517">VUL-1: CVE-2018-5819: libraw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1120516">VUL-1: CVE-2018-5818: libraw: DoS in parse_rollei function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1120519">VUL-0: CVE-2018-20337: libraw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1120500">VUL-0: CVE-2018-20365: libraw: LibRaw:raw2image() in libraw_cxx.cpp has a heap-based buffer overflow</issue>
  <issue tracker="cve" id="2018-5818"/>
  <issue tracker="cve" id="2018-20337"/>
  <issue tracker="cve" id="2018-5817"/>
  <issue tracker="cve" id="2018-20365"/>
  <issue tracker="cve" id="2018-20364"/>
  <issue tracker="cve" id="2018-20363"/>
  <issue tracker="cve" id="2018-5819"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for libraw fixes the following issues:

Security issues fixed:                                                                     
                                                                                                            
- CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519)
- CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500)
- CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499)
- CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498)          
- CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515)
- CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516)    
- CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517)
</description>
  <summary>Security update for libraw</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places