Debian Libraw vulnerabilities
65 known vulnerabilities affecting debian/libraw.
Total CVEs: 65
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 19, MEDIUM 21, LOW 18
Vulnerabilities
Page 3 of 4
CVE-2018-20363 | MEDIUM | CVSS 6.5 | fixed in libraw 0.19.2-2 (bookworm) | 2018
CVE-2018-20363 [MEDIUM] CVE-2018-20363: libraw - LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer derefere...
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 0.19.2-2)
bullseye: resolved (fixed in 0.19.2-2)
forky: resolved (fixed in 0.19.2-2)
sid: resolved (fixed in 0.19.2-2)
trixie: resolved (fixed in 0.19.2-2)
CVE-2018-5812 | MEDIUM | CVSS 6.5 | fixed in libraw 0.18.11-1 (bookworm) | 2018
CVE-2018-5812 [MEDIUM] CVE-2018-5812: libraw - An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common....
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 0.18.11-1)
bullseye: resolved (fixed in 0.18.11-1)
forky: resolved (fixed in 0.18.11-1)
sid: resolved (fixed in 0.18.11-1)
trixie: resolved (fixed in 0
CVE-2018-5815 | LOW | CVSS 6.5 | fixed in libraw 0.18.13-1 (bookworm) | 2018
CVE-2018-5815 [MEDIUM] CVE-2018-5815: libraw - An integer overflow error within the "parse_qt()" function (internal/dcraw_commo...
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
Scope: local
bookworm: resolved (fixed in 0.18.13-1)
bullseye: resolved (fixed in 0.18.13-1)
forky: resolved (fixed in 0.18.13-1)
sid: resolved (fixed in 0
CVE-2018-5816 | LOW | CVSS 6.5 | fixed in libraw 0.18.13-1 (bookworm) | 2018
CVE-2018-5816 [MEDIUM] CVE-2018-5816: libraw - An integer overflow error within the "identify()" function (internal/dcraw_commo...
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
Scope: local
bookworm: resolved (fixed in 0.18.13-1)
bullseye: resolved (fixed in 0
CVE-2018-10529 | LOW | CVSS 8.8 | fixed in libraw 0.18.11-1 (bookworm) | 2018
CVE-2018-10529 [HIGH] CVE-2018-10529: libraw - An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecti...
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
Scope: local
bookworm: resolved (fixed in 0.18.11-1)
bullseye: resolved (fixed in 0.18.11-1)
forky: resolved (fixed in 0.18.11-1)
sid: resolved (fixed in 0.18.11-1)
trixie: resolved (fixed in 0.18.11-1)
CVE-2018-5806 | LOW | CVSS 6.5 | fixed in libraw 0.18.8-1 (bookworm) | 2018
CVE-2018-5806 [MEDIUM] CVE-2018-5806: libraw - An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) i...
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 0.18.8-1)
bullseye: resolved (fixed in 0.18.8-1)
forky: resolved (fixed in 0.18.8-1)
sid: resolved (fixed in 0.18.8-1)
trixie: resolved (fixed in 0.18.8-1)
CVE-2018-5804 | LOW | CVSS 6.5 | fixed in libraw 0.18.8-1 (bookworm) | 2018
CVE-2018-5804 [MEDIUM] CVE-2018-5804: libraw - A type confusion error within the "identify()" function (internal/dcraw_common.c...
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
Scope: local
bookworm: resolved (fixed in 0.18.8-1)
bullseye: resolved (fixed in 0.18.8-1)
forky: resolved (fixed in 0.18.8-1)
sid: resolved (fixed in 0.18.8-1)
trixie: resolved (fixed in 0.18.8-1)
CVE-2018-10528 | LOW | CVSS 8.8 | fixed in libraw 0.18.11-1 (bookworm) | 2018
CVE-2018-10528 [HIGH] CVE-2018-10528: libraw - An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow...
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
Scope: local
bookworm: resolved (fixed in 0.18.11-1)
bullseye: resolved (fixed in 0.18.11-1)
forky: resolved (fixed in 0.18.11-1)
sid: resolved (fixed in 0.18.11-1)
trixie: resolved (fixed in 0.18.11-1)
CVE-2018-5805 | LOW | CVSS 8.8 | fixed in libraw 0.18.8-1 (bookworm) | 2018
CVE-2018-5805 [HIGH] CVE-2018-5805: libraw - A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_...
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
Scope: local
bookworm: resolved (fixed in 0.18.8-1)
bullseye: resolved (fixed in 0.18.8-1)
forky: resolved (fixed in 0.18.8-1)
sid: resolved (fixed in 0.18.
CVE-2018-5813 | LOW | CVSS 6.5 | fixed in libraw 0.18.11-1 (bookworm) | 2018
CVE-2018-5813 [MEDIUM] CVE-2018-5813: libraw - An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw version...
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
Scope: local
bookworm: resolved (fixed in 0.18.11-1)
bullseye: resolved (fixed in 0.18.11-1)
forky: resolved (fixed in 0.18.11-1)
sid: resolved (fixed in 0.18.11-1)
trixie: resolved (fixed in 0.1
CVE-2017-14265 | CRITICAL | CVSS 9.8 | fixed in libraw 0.18.5-1 (bookworm) | 2017
CVE-2017-14265 [CRITICAL] CVE-2017-14265: libraw - A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/d...
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
Scope: local
bookworm: resolved (fixed in 0.18.5-1)
bullseye: resolved (fixed in 0.18.5-1)
forky: resolved (fixed in 0.18.5-1)
sid: resolved (fixed in 0.18.5-1)
trixie: resolve
CVE-2017-6886 | CRITICAL | CVSS 9.8 | fixed in libraw 0.18.2-2 (bookworm) | 2017
CVE-2017-6886 [CRITICAL] CVE-2017-6886: libraw - An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in L...
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
Scope: local
bookworm: resolved (fixed in 0.18.2-2)
bullseye: resolved (fixed in 0.18.2-2)
forky: resolved (fixed in 0.18.2-2)
sid: resolved (fixed in 0.18.2-2)
trixie: resolved (fixed in 0.18.2-2)
CVE-2017-16909 | HIGH | CVSS 8.8 | fixed in libraw 0.18.6-1 (bookworm) | 2017
CVE-2017-16909 [HIGH] CVE-2017-16909: libraw - An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cp...
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 0.18.6-1)
bullseye: resolved (fixed in 0.18.6-1)
forky: resolved (fixed in 0.18.6-1)
si
CVE-2017-6887 | HIGH | CVSS 7.8 | fixed in libraw 0.18.2-2 (bookworm) | 2017
CVE-2017-6887 [HIGH] CVE-2017-6887: libraw - A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.c...
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.
Scope: local
bookworm: resolved (fixed in 0.18.2-2)
bullseye: resolved (fixed in
CVE-2017-14348 | HIGH | CVSS 8.8 | fixed in libraw 0.18.5-1 (bookworm) | 2017
CVE-2017-14348 [HIGH] CVE-2017-14348: libraw - LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraI...
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.18.5-1)
bullseye: resolved (fixed in 0.18.5-1)
forky: resolved (fixed in 0.18.5-1)
sid: resolved (fixed in 0.18.5-1)
trixie: resolved (fixed in 0.18.5-1)
CVE-2017-16910 | MEDIUM | CVSS 6.5 | fixed in libraw 0.18.6-1 (bookworm) | 2017
CVE-2017-16910 [MEDIUM] CVE-2017-16910: libraw - An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_comm...
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
Scope: local
bookworm: resolved (fixed in 0.18.6-1)
bullseye: resolved (fixed in 0.18.6-1)
forky: resolved (fixed in 0.18.6-1)
sid: resolved
CVE-2017-14608 | LOW | CVSS 9.1 | fixed in libraw 0.18.5-1 (bookworm) | 2017
CVE-2017-14608 [CRITICAL] CVE-2017-14608: libraw - In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load...
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Scope: local
bookworm: resolved (fixed in 0.18.5-1)
bullseye: resolved (fixed in 0.18.5-1)
forky:
CVE-2017-13735 | LOW | CVSS 7.5 | fixed in libraw 0.18.5-1 (bookworm) | 2017
CVE-2017-13735 [HIGH] CVE-2017-13735: libraw - There is a floating point exception in the kodak_radc_load_raw function in dcraw...
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 0.18.5-1)
bullseye: resolved (fixed in 0.18.5-1)
forky: resolved (fixed in 0.18.5-1)
sid: resolved (fixed in 0.18.5-1)
trixie: resolved (fixed in 0.18.5-1)
CVE-2015-8367 | CRITICAL | CVSS 9.8 | fixed in darktable 2.0.0-1 (bookworm) | 2015
CVE-2015-8367 [CRITICAL] CVE-2015-8367: darktable - The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause...
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
Scope: local
bookworm: resolved (fixed in 2.0.0-1)
bullseye: resolved (fixed in 2.0.0-1)
forky: resolved (fixed in 2.0.0-1)
sid: resolved (fixed in 2.0.0-1)
trixie: resolved (fixed in 2.0.0-1
CVE-2015-8366 | CRITICAL | CVSS 9.8 | fixed in darktable 2.0.0-1 (bookworm) | 2015
CVE-2015-8366 [CRITICAL] CVE-2015-8366: darktable - Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows...
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Scope: local
bookworm: resolved (fixed in 2.0.0-1)
bullseye: resolved (fixed in 2.0.0-1)
forky: resolved (fixed in 2.0.0-1)
sid: resolved (fixed in 2.0.0-1)
trixie: