[3.9] libraw: Multiple vulnerabilities (CVE-2018-20363, CVE-2018-20364, CVE-2018-20365)
CVE-2018-20363: LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
References:
https://github.com/LibRaw/LibRaw/issues/193
Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
CVE-2018-20364: LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
References:
https://github.com/LibRaw/LibRaw/issues/194
https://nvd.nist.gov/vuln/detail/CVE-2018-20364
Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
CVE-2018-20365: LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
References:
https://github.com/LibRaw/LibRaw/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-20365
Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
(from redmine: issue id 9896, created on 2019-01-23, closed on 2019-02-14)
- Relations:
- parent #9895 (closed)
- Changesets:
- Revision 8d154140 on 2019-01-31T14:26:03Z:
community/libraw: security upgrade to 0.19.2
CVE-2018-20363, CVE-2018-20364, CVE-2018-20365
Fixes #9896