[3.7] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910) (#8339) · Issues · alpine / aports

[3.7] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910)

An error within the “LibRaw::xtrans_interpolate()” function (internal/dcraw_common.cpp) can be exploited to cause an
invalid read memory access and subsequently cause a crash via a specially crafted TIFF image.

Fixed In Version:

LibRaw 0.18.6

References:

https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910

Patch:

https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e

(from redmine: issue id 8339, created on 2017-12-21, closed on 2018-02-20)

Relations:
- parent #8337 (closed)
Changesets:
- Revision 8d6fb35b on 2017-12-28T08:43:18Z:

main/libraw: security upgrade to 0.18.6 (CVE-2017-16910)

Fixes #8339

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.