[3.4] libraw: multiple issues (CVE-2017-13735, CVE-2017-14265)
CVE-2017-13735: There is a floating point exception in the
kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2.
It will lead to a remote denial of service attack.
References:
https://github.com/LibRaw/LibRaw/issues/96
https://nvd.nist.gov/vuln/detail/CVE-2017-13735
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in
xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3.
It could allow a remote denial of service or code execution attack.
References:
https://github.com/LibRaw/LibRaw/issues/99
https://nvd.nist.gov/vuln/detail/CVE-2017-14265
Patch:
https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60
(from redmine: issue id 7926, created on 2017-09-27, closed on 2017-10-23)
- Relations:
- parent #7922 (closed)