Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.23716
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.23716
<patchinfo incident="23716"> <issue tracker="bnc" id="1117896">VUL-1: CVE-2018-19655: dcraw: A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, o</issue> <issue tracker="bnc" id="1056170">VUL-1: CVE-2017-13735: dcraw: There is a floating point exception in the kodak_radc_load_raw functionin dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denialof service attack.</issue> <issue tracker="bnc" id="1117622">VUL-1: CVE-2018-19565: dcraw: A buffer over-read in crop_masked_pixels could be used by attackers able to supply malicious files to crash an application that bundles the code or leak private information.</issue> <issue tracker="bnc" id="1097973">VUL-0: CVE-2018-5805: libraw,dcraw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp</issue> <issue tracker="bnc" id="1117512">VUL-1: CVE-2018-19567: dcraw: A floating point exception in parse_tiff_ifd could be used by attackers able to supply malicious files to crash the application</issue> <issue tracker="bnc" id="1189642">VUL-0: CVE-2021-3624: dcraw: Buffer overflow caused by integer-overflow in foveon_load_camf()</issue> <issue tracker="bnc" id="1084690">VUL-1: CVE-2018-5801 libraw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp</issue> <issue tracker="bnc" id="1117517">VUL-1: CVE-2018-19566: dcraw: A heap buffer over-read in parse_tiff_ifd in dcraw could be used by attackers able to supply malicious files to crash the application or leak information</issue> <issue tracker="bnc" id="1097974">VUL-0: CVE-2018-5806: libraw,dcraw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp</issue> <issue tracker="bnc" id="1117436">VUL-1: CVE-2018-19568: dcraw: A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.</issue> <issue tracker="bnc" id="1063798">VUL-0: libraw: CVE-2017-14608 libraw: Out-of-bounds read in the kodak_65000_load_raw function</issue> <issue tracker="cve" id="2018-19568"/> <issue tracker="cve" id="2018-5805"/> <issue tracker="cve" id="2018-19565"/> <issue tracker="cve" id="2018-5806"/> <issue tracker="cve" id="2017-14608"/> <issue tracker="cve" id="2021-3624"/> <issue tracker="cve" id="2018-5801"/> <issue tracker="cve" id="2018-19567"/> <issue tracker="cve" id="2018-19566"/> <issue tracker="cve" id="2017-13735"/> <issue tracker="cve" id="2018-19655"/> <packager>fstrba</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for dcraw</summary> <description>This update for dcraw fixes the following issues: - CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170). - CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798). - CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896). - CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690). - CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973). - CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974). - CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622). - CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517). - CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512). - CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436). - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642). Non-security fixes: - Updated to version 9.28.0. </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor