Bug 1173517 (CVE-2020-15365) - VUL-0: CVE-2020-15365: libraw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp
Summary: VUL-0: CVE-2020-15365: libraw: out-of-bounds write in parse_exif function in ...
Status: RESOLVED WORKSFORME
Alias: CVE-2020-15365
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/262466/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-30 09:22 UTC by Wolfgang Frisch
Modified: 2020-06-30 13:58 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Wolfgang Frisch 2020-06-30 11:40:55 UTC 
SUSE:SLE-12:Update          Not reproducible [1]
SUSE:SLE-15:Update          Not reproducible [1]
openSUSE:Leap:15.1:Update   Not reproducible [1]
openSUSE:Leap:15.2:Update   Not reproducible [1]
openSUSE:Factory            Not reproducible [1]

[1] libraw-tools: Cannot open poc.cr3: Unsupported file format or not RAW file.
    ImageMagick: no decode delegate for this image format `CR3'.
Comment 2 Petr Gajdos 2020-06-30 13:57:51 UTC 
CR3 will be part of 0.20. No older releases are affected, which means even TW is not affected.
Comment 3 Petr Gajdos 2020-06-30 13:58:24 UTC 
*CR3 parser will ...*