Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 908041 (CVE-2023-1729)

Summary: <media-libs/libraw-0.21.1-r1: heap buffer overflow
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 916384    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 04:41:23 UTC 
CVE-2023-1729 (https://github.com/LibRaw/LibRaw/issues/557):

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

Unreleased fix is at: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
Comment 1 Larry the Git Cow gentoo-dev 2023-10-15 10:27:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bfc77ff0d80c08df6ca2401ef3c77faecd1680f

commit 8bfc77ff0d80c08df6ca2401ef3c77faecd1680f
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-10-15 10:27:22 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-15 10:27:56 +0000

    media-libs/libraw: fix CVE-2023-1729
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 .../libraw/files/libraw-0.21.1-CVE-2023-1729.patch | 22 ++++++++
 media-libs/libraw/libraw-0.21.1-r1.ebuild          | 62 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-25 09:56:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=763d29a25989ce828980fdfc934d9dc8466f14bf

commit 763d29a25989ce828980fdfc934d9dc8466f14bf
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-11-25 09:55:50 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:56:11 +0000

    media-libs/libraw: drop 0.21.1
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 media-libs/libraw/libraw-0.21.1.ebuild | 60 ----------------------------------
 1 file changed, 60 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-12-22 11:43:38 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=affa1a2c2505f788538803e773c1acbcf2427c54

commit affa1a2c2505f788538803e773c1acbcf2427c54
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 11:43:10 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 11:43:34 +0000

    [ GLSA 202312-08 ] LibRaw: Heap Buffer Overflow
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-08.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)