Overview

File _patchinfo of Package patchinfo.9365

<patchinfo incident="9365">
  <issue tracker="bnc" id="1097974">VUL-0: CVE-2018-5806: libraw,dcraw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1097975">VUL-0: CVE-2018-5804: libraw,dcraw: type confusion error in identify() function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1097973">VUL-0: CVE-2018-5805: libraw,dcraw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp</issue>
  <issue tracker="bnc" id="1118894">VUL-0: CVE-2018-5808: libraw: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.</issue>
  <issue tracker="cve" id="2018-5804"/>
  <issue tracker="cve" id="2018-5805"/>
  <issue tracker="cve" id="2018-5806"/>
  <issue tracker="cve" id="2018-5808"/>
  <issue tracker="cve" id="2018-5816"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for libraw fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-5804: Fixed a type confusion error within the identify function that
  could trigger a division by zero, leading to a denial of service (Dos).
  (boo#1097975)
- CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw
  function that could cause a stack-based buffer overflow and subsequently
  trigger a crash. (boo#1097973)
- CVE-2018-5806: Fixed an error within the leaf_hdr_load_raw function that
  could trigger a NULL pointer deference, leading to a denial of service (DoS).
  (boo#1097974)
- CVE-2018-5808: Fixed an error within the find_green function that could
  cause a stack-based buffer overflow and subsequently execute arbitrary code.
  (boo#1118894)
- CVE-2018-5816: Fixed a type confusion error within the identify function that
  could trigger a division by zero, leading to a denial of service (DoS).
  (boo#1097975)
</description>
  <summary>Security update for libraw</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places