Bug ID | 1039210 |
---|---|
Summary | VUL-1: CVE-2017-6889: libraw: integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-6889

====================================================
Description

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

====================================================
Hyperlink

[1] https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
[2] https://secuniaresearch.flexerasoftware.com/advisories/75000/

(open-SUSE): https://software.opensuse.org/package/libraw

0.18.0 (TW, official repo)
0.17.1 (42.2, official repo)
0.16.2 (42.1, official repo)

Not sure if it is the right report; please check this out.