oss-sec mailing list archives
Re: CVE request: libraw: multiple issues
From: Raphael Geissert <geissert () debian org>
Date: Tue, 4 Jun 2013 15:51:14 +0200
Hi again, On 29 May 2013 20:00, Kurt Seifried <kseifried () redhat com> wrote:
On 05/29/2013 03:18 AM, Raphael Geissert wrote:On 28 May 2013 19:58, Kurt Seifried <kseifried () redhat com> wrote:On 05/28/2013 02:43 AM, Raphael Geissert wrote:So there's a double-free (fixed in 0.15.2[3])https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6Please use CVE-2013-2126 for this issue.
FWIW, I've noticed that libkdcraw and darktable embed copies of libraw that are vulnerable to the double free. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE request: libraw: multiple issues Raphael Geissert (May 28)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
- Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)