http://bugzilla.opensuse.org/show_bug.cgi?id=1039210 Bug ID: 1039210 Summary: VUL-1: CVE-2017-6889: libraw: integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-6889 ==================================================== Description An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. ==================================================== Hyperlink [1] https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8... [2] https://secuniaresearch.flexerasoftware.com/advisories/75000/ (open-SUSE): https://software.opensuse.org/package/libraw 0.18.0 (TW, official repo) 0.17.1 (42.2, official repo) 0.16.2 (42.1, official repo) Not sure, if it is right report, please, check this out. -- You are receiving this mail because: You are on the CC list for the bug.