[3.5] libraw: multiple issues (CVE-2017-13735, CVE-2017-14265)
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
(from redmine: issue id 7925, created on 2017-09-27, closed on 2017-10-23)
- parent #7922 (closed)