Ubuntu Security Notice USN-6137-1
Ubuntu Security Notice 6137-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6137-1
June 05, 2023
libraw vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in LibRaw.
Software Description:
- libraw: raw image decoder library
Details:
It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
libraw20 0.20.2-2ubuntu2.23.04.1
Ubuntu 22.10:
libraw20 0.20.2-2ubuntu2.22.10.1
Ubuntu 22.04 LTS:
libraw20 0.20.2-2ubuntu2.22.04.1
Ubuntu 20.04 LTS:
libraw19 0.19.5-1ubuntu1.2
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6137-1
CVE-2021-32142, CVE-2023-1729
Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.23.04.1
https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.10.1
https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.04.1
https://launchpad.net/ubuntu/+source/libraw/0.19.5-1ubuntu1.2
Related news
Red Hat Security Advisory 2024-0343-03 - An update for LibRaw is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.
Gentoo Linux Security Advisory 202312-8 - A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. Versions greater than or equal to 0.21.1-r1 are affected.
Debian Linux Security Advisory 5412-1 - Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed.
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.