Bugzilla – Bug 1097974
VUL-0: CVE-2018-5806: libraw,dcraw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp
Last modified: 2024-05-06 12:19:11 UTC
rh#1591897
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) can be exploited to trigger a NULL pointer dereference.
References:
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
https://bugzilla.redhat.com/show_bug.cgi?id=1591897
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5806
For libraw: already fixed libraw-SA81000.patch. Will adjust rpm changelogs for 42.3/libraw and 12/libraw.
Will submit for: 42.3/libraw and 12/libraw.
I believe all fixed for libraw.
This is an autogenerated message for OBS integration: This bug (1097974) was mentioned in https://build.opensuse.org/request/show/660000 42.3 / libraw
openSUSE-SU-2018:4299-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1097973,1097974,1097975,1118894
CVE References: CVE-2018-5804,CVE-2018-5805,CVE-2018-5806,CVE-2018-5808,CVE-2018-5816
Sources used:
openSUSE Leap 42.3 (src): libraw-0.17.1-26.1
SUSE-SU-2019:0002-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1097973,1097974,1118894
CVE References: CVE-2018-5805,CVE-2018-5806,CVE-2018-5808
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP4 (src): libraw-0.15.4-27.1
SUSE Linux Enterprise Desktop 12-SP3 (src): libraw-0.15.4-27.1
fixed
Please re-assign tickets that are done to the security team to verify if the issue is complete, as this is not straightforward. We have tracking in place which makes this easier for us. In this specific case dcraw is still unfixed and would need submissions in SUSE:SLE-12:Update.
SUSE-SU-2022:1277-1: An update that fixes 11 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): dcraw-9.28.0-150000.3.3.1
openSUSE Leap 15.3 (src): dcraw-9.28.0-150000.3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1749-1: An update that fixes 11 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): dcraw-9.28.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dcraw-9.28.0-3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.