Bug#1036281: libraw: CVE-2023-1729
Moritz Mühlenhoff
jmm at inutil.org
Thu May 18 14:20:39 BST 2023
Source: libraw
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libraw.
CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an application crash.
https://bugzilla.redhat.com/show_bug.cgi?id=2188240
https://github.com/LibRaw/LibRaw/issues/557
Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1729
https://www.cve.org/CVERecord?id=CVE-2023-1729
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-phototools-devel
mailing list