[3.7] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910) (#8339) · Issues · alpine / aports

[3.7] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910)

An error within the “LibRaw::xtrans_interpolate()” function (internal/dcraw_common.cpp) can be exploited to cause an
invalid read memory access and subsequently cause a crash via a specially crafted TIFF image.

Fixed In Version:

LibRaw 0.18.6

References:

https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910

Patch:

https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e

(from redmine: issue id 8339, created on 2017-12-21, closed on 2018-02-20)

Relations:
- parent #8337 (closed)
Changesets:
- Revision 8d6fb35b on 2017-12-28T08:43:18Z:

main/libraw: security upgrade to 0.18.6 (CVE-2017-16910)

Fixes #8339

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information