[Pkg-phototools-devel] Bug#917080: libraw: CVE-2018-20337

Salvatore Bonaccorso carnil at debian.org
Sat Dec 22 09:47:14 GMT 2018 

Source: libraw
Version: 0.19.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/LibRaw/LibRaw/issues/192

Hi,

The following vulnerability was published for libraw.

The issue is still present in 0.19.1-1 (note there was first some
confusion on the affected version as reported by the reporter). But
current sid (0.19.1-1):

==11669== Memcheck, a memory error detector
==11669== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11669== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11669== Command: /usr/lib/libraw/raw-identify LibRaw_crashes_1
==11669==
*** buffer overflow detected ***: /usr/lib/libraw/raw-identify terminated
==11669==
==11669== Process terminating with default action of signal 6 (SIGABRT)
==11669==    at 0x4B0F85B: raise (raise.c:51)
==11669==    by 0x4AFA534: abort (abort.c:79)
==11669==    by 0x4B51717: __libc_message (libc_fatal.c:181)
==11669==    by 0x4BE2BBC: __fortify_fail_abort (fortify_fail.c:33)
==11669==    by 0x4BE2BF0: __fortify_fail (fortify_fail.c:44)
==11669==    by 0x4BE0CEF: __chk_fail (chk_fail.c:28)
==11669==    by 0x4BE02A8: __strncpy_chk (strncpy_chk.c:26)
==11669==    by 0x489F786: strncpy (string_fortified.h:106)
==11669==    by 0x489F786: LibRaw::parse_makernote(int, int) (dcraw_common.cpp:10349)
==11669==    by 0x48A5FD9: LibRaw::parse_exif(int) (dcraw_common.cpp:11857)
==11669==    by 0x48980F6: LibRaw::parse_tiff_ifd(int) (dcraw_common.cpp:13262)
==11669==    by 0x48A60D5: parse_tiff (dcraw_common.cpp:14080)
==11669==    by 0x48A60D5: LibRaw::parse_tiff(int) (dcraw_common.cpp:14069)
==11669==    by 0x48AA86F: LibRaw::identify() (dcraw_common.cpp:17781)
==11669==
==11669== HEAP SUMMARY:
==11669==     in use at exit: 296,417 bytes in 8 blocks
==11669==   total heap usage: 10 allocs, 2 frees, 401,937 bytes allocated
==11669==
==11669== LEAK SUMMARY:
==11669==    definitely lost: 0 bytes in 0 blocks
==11669==    indirectly lost: 0 bytes in 0 blocks
==11669==      possibly lost: 0 bytes in 0 blocks
==11669==    still reachable: 296,417 bytes in 8 blocks
==11669==         suppressed: 0 bytes in 0 blocks
==11669== Rerun with --leak-check=full to see details of leaked memory
==11669==
==11669== For counts of detected and suppressed errors, rerun with: -v
==11669== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Aborted

CVE-2018-20337[0]:
| There is a stack-based buffer overflow in the parse_makernote function
| of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a
| denial of service or possibly unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20337
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337
[1] https://github.com/LibRaw/LibRaw/issues/192

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

More information about the Pkg-phototools-devel mailing list