File _patchinfo of Package patchinfo.23716
<patchinfo incident="23716">
<issue tracker="bnc" id="1117896">VUL-1: CVE-2018-19655: dcraw: A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, o</issue>
<issue tracker="bnc" id="1056170">VUL-1: CVE-2017-13735: dcraw: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.</issue>
<issue tracker="bnc" id="1117622">VUL-1: CVE-2018-19565: dcraw: A buffer over-read in crop_masked_pixels could be used by attackers able to supply malicious files to crash an application that bundles the code or leak private information.</issue>
<issue tracker="bnc" id="1097973">VUL-0: CVE-2018-5805: libraw,dcraw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp</issue>
<issue tracker="bnc" id="1117512">VUL-1: CVE-2018-19567: dcraw: A floating point exception in parse_tiff_ifd could be used by attackers able to supply malicious files to crash the application</issue>
<issue tracker="bnc" id="1189642">VUL-0: CVE-2021-3624: dcraw: Buffer overflow caused by integer-overflow in foveon_load_camf()</issue>
<issue tracker="bnc" id="1084690">VUL-1: CVE-2018-5801: libraw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp</issue>
<issue tracker="bnc" id="1117517">VUL-1: CVE-2018-19566: dcraw: A heap buffer over-read in parse_tiff_ifd in dcraw could be used by attackers able to supply malicious files to crash the application or leak information</issue>
<issue tracker="bnc" id="1097974">VUL-0: CVE-2018-5806: libraw,dcraw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp</issue>
<issue tracker="bnc" id="1117436">VUL-1: CVE-2018-19568: dcraw: A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.</issue>
<issue tracker="bnc" id="1063798">VUL-0: libraw: CVE-2017-14608 libraw: Out-of-bounds read in the kodak_65000_load_raw function</issue>
<issue tracker="cve" id="2018-19568"/>
<issue tracker="cve" id="2018-5805"/>
<issue tracker="cve" id="2018-19565"/>
<issue tracker="cve" id="2018-5806"/>
<issue tracker="cve" id="2017-14608"/>
<issue tracker="cve" id="2021-3624"/>
<issue tracker="cve" id="2018-5801"/>
<issue tracker="cve" id="2018-19567"/>
<issue tracker="cve" id="2018-19566"/>
<issue tracker="cve" id="2017-13735"/>
<issue tracker="cve" id="2018-19655"/>
<packager>fstrba</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for dcraw</summary>
<description>This update for dcraw fixes the following issues:
- CVE-2017-13735: Fixed a denial of service issue due to a floating point
exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to information
disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an application
crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial of
service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash
(bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial of
service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to information
disclosure or denial of service (bsc#1117622).
- CVE-2018-19566: Fixed an invalid memory access that could lead to information
disclosure or denial of service (bsc#1117517).
- CVE-2018-19567: Fixed a denial of service issue due to a floating point
exception (bsc#1117512).
- CVE-2018-19568: Fixed a denial of service issue due to a floating point
exception (bsc#1117436).
- CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or
denial of service (bsc#1189642).
Non-security fixes:
- Updated to version 9.28.0.
</description>
</patchinfo>