[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

LibRaw 0.18.7 Denial Of Service Vulnerability

Author
Laurent Delosieres
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-29680
Category
dos / poc
Date add
01-02-2018
CVE
CVE-2018-5800
CVE-2018-5801
CVE-2018-5802
Platform
linux
LibRaw 0.18.7 Denial Of Service Vulnerability


======================================================================
1) Affected Software

* LibRaw versions prior to 0.18.7.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Denial of Service
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered multiple vulnerabilities in LibRaw,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

1) An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()"
function (internal/dcraw_common.cpp) can be exploited to cause a heap-
based buffer overflow and subsequently cause a crash.

2) An   error   within   the   "LibRaw::unpack()"   function
(src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer
dereference.

3) An   error   within   the   "kodak_radc_load_raw()"   function
(internal/dcraw_common.cpp) related to the "buf" variable can be
exploited to  cause  an out-of-bounds read memory access  and
subsequently cause a crash.

Successful exploitation of this vulnerability requires the library to
be compiled with the "-O0" compilation flag.

The vulnerabilities are confirmed in version 0.18.6 and reported in
versions prior to 0.18.7.

======================================================================
4) Solution

Update to version 0.18.7.

======================================================================
5) Time Table

2018/01/16 - Maintainer contacted with the vulnerability details.
2018/01/19 - Maintainer confirmed the vulnerabilities.
2018/01/19 - Maintainer released a fix.
2018/01/25 - Release of Secunia Advisory SA79000.
2018/01/29 - Public disclosure of Secunia Research Advisory.

======================================================================
6) Credits

Laurent Delosieres, Secunia Research at Flexera Software.

======================================================================
7) References

The   Flexera Software CNA   has   assigned   the   CVE-2018-5800,
CVE-2018-5801, and CVE-2018-5802 identifiers for the vulnerabilities
through the Common Vulnerabilities and Exposures (CVE) project.

#  0day.today [2024-12-24]  #