oss-sec mailing list archives

Re: CVE request: libraw: multiple issues

From: Raphael Geissert <geissert () debian org>
Date: Tue, 11 Jun 2013 10:30:42 +0200

Hi,

On 10 June 2013 12:16, Alexander Bergmann <abergmann () suse com> wrote:

In which libraw version was this problem actually introduced?


I don't know exactly, CC'ing upstream for this.

darktable uses embedded libraw 0.14.7
libkdcraw uses embedded libraw 0.15.0

I found a commit that introduced the "// allocate image as temporary
buffer, size" stuff within commit 1a8e92ff, and that was part of 0.14.0.


libkdcraw, as it used to be included in kdegraphics in KDE 4.4, used
libraw 0.8.x and possibly older versions.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Current thread:

CVE request: libraw: multiple issues Raphael Geissert (May 28)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
  - Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
    - Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
    - Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
    - Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)
    - Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)