oss-sec mailing list archives
CVE request: libraw: multiple issues
From: Raphael Geissert <geissert () debian org>
Date: Tue, 28 May 2013 10:43:48 +0200
Hi,
From [1]: LibRaw 0.15.1 (26-05-2013)
This should be 0.15.2
Fixed possible double-free() on error recovery on damaged full-color (Foveon, sRAW) files. wchar_t* file interface disabled for MinGW32 compilation LibRaw 0.15.1 (24-05-2013) fixed wrong data maximum calculation for Panasonic files check for possible buffer overrun in exposure correction code
So there's a double-free (fixed in 0.15.2[3]) and a buffer overflow (fixed in 0.15.1[2]). Could CVE ids be assigned please? References: [1]http://www.libraw.org/download [2]http://www.libraw.org/news/libraw-0-15-1 [3]http://www.libraw.org/news/libraw-0-15-2 http://secunia.com/advisories/53547/ Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE request: libraw: multiple issues Raphael Geissert (May 28)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
- Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)