Bug 1117896 (CVE-2018-19655) - VUL-1: CVE-2018-19655: dcraw: A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, o
Summary: VUL-1: CVE-2018-19655: dcraw: A stack-based buffer overflow in the find_green...
Status: RESOLVED FIXED
Alias: CVE-2018-19655
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/219900/
Whiteboard: CVSSv3:SUSE:CVE-2018-19655:5.5:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-30 10:01 UTC by Marcus Meissner
Modified: 2024-05-06 12:01 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
poc_ovf (85 bytes, application/octet-stream)
2018-11-30 10:02 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-11-30 10:01:43 UTC 
CVE-2018-19655

A stack-based buffer overflow in the find_green() function of dcraw through
9.28, as used in ufraw-batch and many other products, may allow a remote
attacker to cause a control-flow hijack, denial-of-service, or unspecified other
impact via a maliciously crafted raw photo file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19655
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19655.html
Comment 1 Marcus Meissner 2018-11-30 10:02:33 UTC 
Created attachment 791403 [details]
poc_ovf

QA REPRODUCER:

dcraw poc_ovf

should not crash
Comment 2 Petr Gajdos 2018-12-19 11:09:48 UTC 
With high probability, this is CVE-2018-5808 for libraw itself. I checked with 42.3/libraw that raw-identify crashes before and does not crash after. I can not check with commit to be 100% sure.

security-team: please adjust your tracking if you have not any objections
Comment 3 Karol Babioch 2018-12-20 13:12:02 UTC 
Adjusted our internal tracking, thanks for your investigation.
Comment 4 Karol Babioch 2018-12-20 13:12:55 UTC 
However, we only took care of libraw, not have looked into dcraw yet.
Comment 5 Swamp Workflow Management 2019-02-12 11:10:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1117896) was mentioned in
https://build.opensuse.org/request/show/673630 Factory / ufraw
Comment 8 Swamp Workflow Management 2022-04-20 10:29:50 UTC 
SUSE-SU-2022:1277-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dcraw-9.28.0-150000.3.3.1
openSUSE Leap 15.3 (src):    dcraw-9.28.0-150000.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-05-19 19:23:09 UTC 
SUSE-SU-2022:1749-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    dcraw-9.28.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    dcraw-9.28.0-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.