| Bug ID | 1039210 |
|---|---|
| Summary | VUL-1: CVE-2017-6889: libraw: integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-6889 ==================================================== Description An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. ==================================================== Hyperlink [1] https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716 [2] https://secuniaresearch.flexerasoftware.com/advisories/75000/ (open-SUSE): https://software.opensuse.org/package/libraw 0.18.0 (TW, official repo) 0.17.1 (42.2, official repo) 0.16.2 (42.1, official repo) Not sure, if it is right report, please, check this out.