Bugzilla – Bug 1097973
VUL-0: CVE-2018-5805: libraw,dcraw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
Last modified: 2024-05-06 12:14:02 UTC
rh#1591887

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

References:
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
https://bugzilla.redhat.com/show_bug.cgi?id=1591887
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5805
For the record, this is the upstream fix: https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
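As an added illustration (not code from the bug report, LibRaw or dcraw), the pattern behind this class of bug: a raw decoder with a fixed-size stack buffer whose loop bounds come from header-supplied width and height. The 640x480-plus-border buffer size, the 4-byte header layout, the nibble stream and the neighbour-prediction step are assumptions modeled loosely on dcraw's QuickTake 100 decoder and should be checked against the linked commit rather than read as the real code. qt_oob_writes() counts, without performing them, the writes the unchecked loop would land outside the buffer for a given header; qt_decode() is the hardened shape, with the dimension check run before any write.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Largest image the fixed stack buffer is sized for, plus a 2-pixel border on
 * each side. Assumed here (modeled on a 640x480 QuickTake frame), not taken
 * from the bug report. */
#define QT_MAX_WIDTH  640
#define QT_MAX_HEIGHT 480
#define BUF_ROWS (QT_MAX_HEIGHT + 4)
#define BUF_COLS (QT_MAX_WIDTH + 4)

typedef struct { unsigned width, height; } qt_header;

/* Hypothetical 4-byte header: width and height as big-endian uint16.
 * In a real file these bytes are attacker-controlled. */
static qt_header qt_parse_header(const uint8_t hdr[4]) {
    qt_header h = { (unsigned)((hdr[0] << 8) | hdr[1]),
                    (unsigned)((hdr[2] << 8) | hdr[3]) };
    return h;
}

/* 4-bit reader, high nibble first; reading past the end yields 0. */
typedef struct { const uint8_t *p; size_t n, pos; } nibble_reader;
static int next_nibble(nibble_reader *r) {
    size_t byte = r->pos >> 1;
    int v = 0;
    if (byte < r->n)
        v = (r->pos & 1) ? (r->p[byte] & 0x0F) : (r->p[byte] >> 4);
    r->pos++;
    return v;
}

/* Prediction step table (assumed values). */
static const short gstep[16] =
    { -89,-60,-44,-32,-22,-15,-8,-2, 2,8,15,22,32,44,60,89 };

/* The bound check that an unchecked decoder lacks. */
static int qt_dims_ok(const qt_header *h) {
    return h->width <= QT_MAX_WIDTH && h->height <= QT_MAX_HEIGHT;
}

/* Number of writes the unchecked loop (row 2..height+1, col 2+(row&1)..width+1
 * step 2) would make outside pixel[BUF_ROWS][BUF_COLS]. Computed rather than
 * performed, so it is safe to call with hostile dimensions. */
static unsigned long qt_oob_writes(unsigned width, unsigned height) {
    unsigned long oob = 0;
    for (unsigned row = 2; row < height + 2; row++)
        for (unsigned col = 2 + (row & 1); col < width + 2; col += 2)
            if (row >= BUF_ROWS || col >= BUF_COLS)
                oob++;
    return oob;
}

/* Hardened decoder: validate dimensions first, then predict each lattice
 * pixel from its neighbours plus a 4-bit step (simplified), and copy the
 * interior to out[width*height]. Returns 0, or -1 if the header describes
 * an image the fixed buffer cannot hold (out is then left untouched). */
static int qt_decode(const qt_header *h, const uint8_t *data, size_t n, uint8_t *out) {
    uint8_t pixel[BUF_ROWS][BUF_COLS];
    if (!qt_dims_ok(h))
        return -1;
    memset(pixel, 0x80, sizeof pixel);
    nibble_reader r = { data, n, 0 };
    for (unsigned row = 2; row < h->height + 2; row++)
        for (unsigned col = 2 + (row & 1); col < h->width + 2; col += 2) {
            int val = ((pixel[row-1][col-1] + 2 * pixel[row-1][col+1]
                        + pixel[row][col-2]) >> 2) + gstep[next_nibble(&r)];
            if (val < 0) val = 0;
            if (val > 255) val = 255;
            pixel[row][col] = (uint8_t)val;
        }
    for (unsigned row = 0; row < h->height; row++)
        memcpy(out + row * h->width, &pixel[row + 2][2], h->width);
    return 0;
}

/* Constructed sample input: a 4x2 image and a 2-byte nibble stream. */
static const uint8_t sample_hdr[4]  = { 0x00, 0x04, 0x00, 0x02 };
static const uint8_t sample_bits[2] = { 0x8F, 0x07 };

/* Decode the sample and return output pixel i, or -1 if rejected/out of range. */
static int sample_pixel(size_t i) {
    qt_header h = qt_parse_header(sample_hdr);
    uint8_t out[4 * 2];
    if (qt_decode(&h, sample_bits, sizeof sample_bits, out) != 0)
        return -1;
    return i < sizeof out ? out[i] : -1;
}

/* Same decode with a hostile header claiming width 4096: returns the rc. */
static int hostile_status(void) {
    static const uint8_t bad_hdr[4] = { 0x10, 0x00, 0x00, 0x02 };
    qt_header h = qt_parse_header(bad_hdr);
    uint8_t out[8];  /* deliberately small: the hardened path must reject first */
    return qt_decode(&h, sample_bits, sizeof sample_bits, out);
}

int main(void) {
    printf("4x2 sample: out[0]=%d out[7]=%d\n", sample_pixel(0), sample_pixel(7));
    printf("hostile 4096x2 header: rc=%d\n", hostile_status());
    printf("unchecked loop, 700x480: %lu out-of-bounds writes\n", qt_oob_writes(700, 480));
    return 0;
}
```

The point for review of any such fix is that the check must sit before the first write into the fixed buffer and must bound both dimensions against the buffer's own size, not against the nominal sensor size alone; qt_oob_writes() is a cheap way to show a reviewer how far a claimed header would carry the unchecked loop.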
For libraw: already fixed by libraw-SA81000.patch. Will adjust rpm changelogs for 42.3/libraw and 12/libraw.
Will submit for: 42.3/libraw and 12/libraw.
I believe all fixed for libraw.
This is an autogenerated message for OBS integration: This bug (1097973) was mentioned in https://build.opensuse.org/request/show/660000 42.3 / libraw
openSUSE-SU-2018:4299-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097973,1097974,1097975,1118894
CVE References: CVE-2018-5804,CVE-2018-5805,CVE-2018-5806,CVE-2018-5808,CVE-2018-5816
Sources used:
openSUSE Leap 42.3 (src): libraw-0.17.1-26.1
SUSE-SU-2019:0002-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097973,1097974,1118894
CVE References: CVE-2018-5805,CVE-2018-5806,CVE-2018-5808
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP3 (src): libraw-0.15.4-27.1
fixed
Please re-assign tickets that are done to the security team to verify whether the issue is complete, as this is not straightforward. We have tracking in place which makes this easier for us. In this specific case dcraw is still unfixed and would need submissions in SUSE:SLE-12:Update.
SUSE-SU-2022:1277-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): dcraw-9.28.0-150000.3.3.1
openSUSE Leap 15.3 (src): dcraw-9.28.0-150000.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1749-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): dcraw-9.28.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dcraw-9.28.0-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.