Bugzilla – Bug 1189642
VUL-0: CVE-2021-3624: dcraw: Buffer overflow caused by integer-overflow in foveon_load_camf()
Last modified: 2024-05-06 12:08:32 UTC
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
https://bugzilla.redhat.com/show_bug.cgi?id=1968040
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3624
No patch yet available, seems hard to get in touch with the upstream.
Still no answer from the upstream, but here is a description of the vulnerable code (as reported by the researcher [0]).

```
The vulnerability resides in foveon_load_camf() function in dcraw.c file.
The program reads data from the input image using get4().

    type = get4();
    get4();
    get4();
    wide = get4();
    high = get4();

Since there is no sanitization for these variables, we can set their values freely.
Let type=4, and wide and high are enough large values which can make overflow.
Then, it will lead to small memory allocation at the below code.

    } else if (type == 4) {
      free (meta_data);
      meta_length = wide*high*3/2;
      meta_data = (char *) malloc (meta_length);

Therefore, when we read data to this allocated buffer, it causes the buffer overrun which may lead to arbitrary code execution or program crash.
```

This security bug exists in the following packages:
- SUSE:SLE-12:Update/dcraw 9.22
- openSUSE:Factory/dcraw 9.28.0
- openSUSE:Backports:SLE-15-SP2/dcraw 9.27.0
- openSUSE:Backports:SLE-15-SP3/dcraw 9.27.0

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
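
The wraparound described in the comment above, next to one way to guard the allocation size, as an added example that is not part of the bug report or of dcraw's own code. It assumes 32-bit unsigned arithmetic for wide, high and the length (the page does not show their declarations); the function names and the `limit` parameter are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Size expression quoted in the report, evaluated in 32-bit unsigned
 * arithmetic (assumption: the page does not show the declarations). */
static uint32_t camf_len_unchecked(uint32_t wide, uint32_t high)
{
    return wide * high * 3 / 2;            /* wraps modulo 2^32 */
}

/* Hypothetical hardened variant: widen to 64 bits, reject zero or
 * oversized dimensions, and cap the result at `limit` (for example the
 * number of bytes left in the input file).
 * Returns 0 and stores the length on success, -1 on rejection. */
static int camf_len_checked(uint32_t wide, uint32_t high,
                            uint32_t limit, uint32_t *out)
{
    uint64_t cells, bytes;

    if (wide == 0 || high == 0)
        return -1;
    cells = (uint64_t)wide * high;         /* cannot wrap in 64 bits */
    if (cells > UINT32_MAX)
        return -1;
    bytes = cells * 3 / 2;                 /* < 2^34, safe in 64 bits */
    if (bytes > limit)
        return -1;
    *out = (uint32_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from a real X3F file. */
    uint32_t wide = 0x10001u, high = 0x10000u, len = 0;

    printf("unchecked: %u bytes\n", (unsigned)camf_len_unchecked(wide, high));
    printf("needed:    %llu bytes\n",
           (unsigned long long)wide * high * 3 / 2);
    if (camf_len_checked(wide, high, 1u << 20, &len) != 0)
        puts("checked:   rejected");
    return 0;
}
```

The unchecked expression yields a length far smaller than the data the dimensions describe, which is the undersized malloc() the report points at; the checked variant rejects the same dimensions before any allocation.
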
SUSE-SU-2022:1277-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): dcraw-9.28.0-150000.3.3.1
openSUSE Leap 15.3 (src): dcraw-9.28.0-150000.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1749-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056170,1063798,1084690,1097973,1097974,1117436,1117512,1117517,1117622,1117896,1189642
CVE References: CVE-2017-13735,CVE-2017-14608,CVE-2018-19565,CVE-2018-19566,CVE-2018-19567,CVE-2018-19568,CVE-2018-19655,CVE-2018-5801,CVE-2018-5805,CVE-2018-5806,CVE-2021-3624
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): dcraw-9.28.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dcraw-9.28.0-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.