Headline
Debian Security Advisory 5412-1
Debian Linux Security Advisory 5412-1 - Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5412-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoMay 27, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : librawCVE ID : CVE-2021-32142 CVE-2023-1729Debian Bug : 1031790 1036281Several vulnerabilities were discovered in libraw, a library for readingRAW files obtained from digital photo cameras, which may result indenial of service or the execution of arbitrary code if speciallycrafted files are processed.For the stable distribution (bullseye), these problems have been fixed inversion 0.20.2-1+deb11u1.We recommend that you upgrade your libraw packages.For the detailed security status of libraw please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/librawFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRyXNFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0S6ehAAlIVUex5cV2eOg9y4Z4MrXPPEl7DPhsEItBnU6tA0PQLxImblhRY2+bruFw7S3ovXQxOJQRW3CQ7ykRenfERuZXvENJwbauwD4XFAFPOHcs0lEkdAumQ4pEnxczetY/GXvXVqZ5L2LD8SDLrPLO37u5JNZGclVHn+2OkzSPm3rMwvXXPy0uik6PG1dlJBTbAeTm8bCls+TEvcCD3M1EgwqcJ4Cemnd43R4BvLsd8FJWWB41XrbvEtt5s644k3eJ19EkjYJ/lfi2Uu2b6m1crdFt1DSFl1UlGaMWL/Jz+R8OzAYenlY7RRXzZOsMSPlt4B4TUC1AG0WgeZhec4StNDhdQyNZ4ild/2yUqR0cdMLWIHs1Lst+Yr4sKO4BAe75otA93nV49bicwgA+8Sb4nehLZAIm+dUbc+6SmqwntHsfZpSyWTt4FuAH6dM8R6hOAXkQ7DI9x9eod1NLH0FXqcl61qAKrfs348Rd4vPZY5TCndxvSJDuyynDFs9GrYKgN0mN/2ePAgj2Y7CvfUnkoVwK9AeQRETkSLzTwivT+XBc2RUaYRohGARp7DXnoEhtvLUx1Efr1LKXNizT958kpBPvTp3fVf6iP/fW9VtZudbvQb2wBrF7iDe/r4PX2OoYXdbm5qiV7wU20M+YQwZqIva95FQkKxdtPfnYzAWpWMa8g¿zv-----END PGP SIGNATURE-----Related news
Red Hat Security Advisory 2024-0343-03 - An update for LibRaw is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.
Gentoo Linux Security Advisory 202312-8 - A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. Versions greater than or equal to 0.21.1-r1 are affected.
Ubuntu Security Notice 6137-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.