Bug#1036281: libraw: CVE-2023-1729

Moritz Mühlenhoff jmm at inutil.org
Thu May 18 14:20:39 BST 2023


Source: libraw
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libraw.

CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an application crash.

https://bugzilla.redhat.com/show_bug.cgi?id=2188240
https://github.com/LibRaw/LibRaw/issues/557
Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1729
    https://www.cve.org/CVERecord?id=CVE-2023-1729

Please adjust the affected versions in the BTS as needed.



More information about the Pkg-phototools-devel mailing list