| Summary: | <media-libs/libraw-0.15.2, <kde-base/libkdcraw-4.10.5-r1: Double-Free and Buffer Overflow Vulnerabilities (CVE-2013-{2126,2127}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/53547/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
I'm pretty sure this also affects kde-base/libkdcraw (all versions), since it contains copied code. Fix at earliest expected with kde-4.11.0

(In reply to Andreas K. Hüttel from comment #1)
> I'm pretty sure this also affects kde-base/libkdcraw (all versions), since
> it contains copied code. Fix at earliest expected with kde-4.11.0

Confirmed. Current git KDE/4.10 (equal libkdcraw-4.10.4) contains LibRaw 0.15.0-Beta1

Marking as upstream while we wait for KDE 4.11. Perhaps we should split this into two bugs since we can stable & clean libraw while we wait for KDE?

For the record, libkdcraw-4.10.90 (i.e. 4.10-beta2) contains libraw-0.15.2, meaning the issue is fixed there.

Starting from 4.10.5-r1 and 4.10.90-r1, we unbundle libraw in libkdcraw, meaning these versions are not affected anymore if the system library is up to date.

kde-base/libkdcraw-4.10.5-r1 is stable, so there are no affected versions of this package in the tree. media-libs/libraw-0.15.2 is stable, but there are two earlier affected versions still in the tree.

Thanks for your work. New GLSA request filed

CVE-2013-2127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2127): Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVE-2013-2126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2126): Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

This issue was resolved and addressed in GLSA 201309-09 at http://security.gentoo.org/glsa/glsa-201309-09.xml by GLSA coordinator Chris Reffett (creffett).