Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 908041 (CVE-2023-1729) - <media-libs/libraw-0.21.1-r1: heap buffer overflow
Summary: <media-libs/libraw-0.21.1-r1: heap buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2023-1729
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 916384
Blocks:
  Show dependency tree
 
Reported: 2023-06-08 04:41 UTC by John Helmert III
Modified: 2023-12-22 11:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 04:41:23 UTC 
CVE-2023-1729 (https://github.com/LibRaw/LibRaw/issues/557):

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

Unreleased fix is at: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
Comment 1 Larry the Git Cow gentoo-dev 2023-10-15 10:27:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bfc77ff0d80c08df6ca2401ef3c77faecd1680f

commit 8bfc77ff0d80c08df6ca2401ef3c77faecd1680f
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-10-15 10:27:22 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-15 10:27:56 +0000

    media-libs/libraw: fix CVE-2023-1729
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 .../libraw/files/libraw-0.21.1-CVE-2023-1729.patch | 22 ++++++++
 media-libs/libraw/libraw-0.21.1-r1.ebuild          | 62 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-25 09:56:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=763d29a25989ce828980fdfc934d9dc8466f14bf

commit 763d29a25989ce828980fdfc934d9dc8466f14bf
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-11-25 09:55:50 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:56:11 +0000

    media-libs/libraw: drop 0.21.1
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 media-libs/libraw/libraw-0.21.1.ebuild | 60 ----------------------------------
 1 file changed, 60 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-12-22 11:43:38 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=affa1a2c2505f788538803e773c1acbcf2427c54

commit affa1a2c2505f788538803e773c1acbcf2427c54
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 11:43:10 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 11:43:34 +0000

    [ GLSA 202312-08 ] LibRaw: Heap Buffer Overflow
    
    Bug: https://bugs.gentoo.org/908041
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-08.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)