From ${URL} :

Description

Two vulnerabilities have been reported in LibRaw, which can be exploited by malicious people to potentially compromise an application using the library.

1) A double-free error exists when handling damaged full-color within Foveon and sRAW files.

2) An error during exposure correction can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in the following products and versions:
* LibRaw versions prior to 0.15.2.
* LibRaw-demosaic-pack-GPL2 versions prior to 0.15.2.
* LibRaw-demosaic-pack-GPL3 versions prior to 0.15.2.

Solution
Update to version 0.15.2.

Provided and/or discovered by
Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://www.libraw.org/news/libraw-0-15-1
http://www.libraw.org/news/libraw-0-15-2

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
I'm pretty sure this also affects kde-base/libkdcraw (all versions), since it contains copied code. Fix at earliest expected with kde-4.11.0
(In reply to Andreas K. Hüttel from comment #1)
> I'm pretty sure this also affects kde-base/libkdcraw (all versions), since
> it contains copied code. Fix at earliest expected with kde-4.11.0

Confirmed. Current git KDE/4.10 (equal libkdcraw-4.10.4) contains LibRaw 0.15.0-Beta1
Marking as upstream while we wait for KDE 4.11. Perhaps we should split this into two bugs since we can stable & clean libraw while we wait for KDE?
For the record, libkdcraw-4.10.90 (i.e. 4.10-beta2) contains libraw-0.15.2, meaning the issue is fixed there.
Starting from 4.10.5-r1 and 4.10.90-r1, we unbundle libraw in libkdcraw, meaning these versions are not affected anymore if the system library is up to date.
kde-base/libkdcraw-4.10.5-r1 is stable, so there are no affected versions of this package in the tree. media-libs/libraw-0.15.2 is stable, but there are two earlier affected versions still in the tree.
Thanks for your work. New GLSA request filed
CVE-2013-2127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2127):
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVE-2013-2126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2126):
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
This issue was resolved and addressed in GLSA 201309-09 at http://security.gentoo.org/glsa/glsa-201309-09.xml by GLSA coordinator Chris Reffett (creffett).