[3.5] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910)
An error within the “LibRaw::xtrans_interpolate()” function
(internal/dcraw_common.cpp) can be exploited to cause an
invalid read memory access and subsequently cause a crash via a
specially crafted TIFF image.
Fixed In Version:
LibRaw 0.18.6
References:
https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910
Patch:
https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
(from redmine: issue id 8341, created on 2017-12-21, closed on 2018-02-20)
- Relations:
- parent #8337 (closed)