Bugzilla – Bug 1208470
VUL-0: CVE-2021-32142: libraw: Buffer Overflow in the LibRaw_buffer_datastream:gets function
Last modified: 2024-05-06 08:11:50 UTC
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32142
https://www.cve.org/CVERecord?id=CVE-2021-32142
https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
https://github.com/LibRaw/LibRaw/issues/400
https://github.com/gtt1995
https://www.libraw.org/
Affected packages:
- SUSE:SLE-12:Update/libraw 0.15.4
- SUSE:SLE-15:Update/libraw 0.18.9
- SUSE:SLE-15-SP4:Update/libraw 0.20.2
- openSUSE:Backports:SLE-15-SP3/libraw 0.18.9

Upstream patch:
https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
(In reply to Gabriele Sonnu from comment #1)
> - openSUSE:Backports:SLE-15-SP3/libraw 0.18.9

https://build.opensuse.org/request/show/1066754

not sure this is correct, though
(In reply to Petr Gajdos from comment #3)
> (In reply to Gabriele Sonnu from comment #1)
> > - openSUSE:Backports:SLE-15-SP3/libraw 0.18.9
>
> https://build.opensuse.org/request/show/1066754
>
> not sure this is correct, though

According to information I get from Simon/Marcus, openSUSE:Backports:SLE-15-SP3 is no longer supported.
Submitted for 15sp4,15,12/libraw. I believe all fixed.
SUSE-SU-2023:0512-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1208470
CVE References: CVE-2021-32142
Sources used:
openSUSE Leap 15.4 (src): libraw-0.20.2-150400.3.3.1
Desktop Applications Module 15-SP4 (src): libraw-0.20.2-150400.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): libraw-0.20.2-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0511-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1208470
CVE References: CVE-2021-32142
Sources used:
openSUSE Leap 15.4 (src): libraw-0.18.9-150000.3.17.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): libraw-0.18.9-150000.3.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0510-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1208470
CVE References: CVE-2021-32142
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libraw-0.15.4-36.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): libraw-0.15.4-36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration:
This bug (1208470) was mentioned in
https://build.opensuse.org/request/show/1132688 Factory / libraw
done, closing