{"id":"MGASA-2017-0357","summary":"Updated libraw packages fix security vulnerabilities","details":"There is a floating point exception in the kodak_radc_load_raw function\nin dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of\nservice attack. (CVE-2017-13735)\n\nA Stack-based Buffer Overflow was discovered in xtrans_interpolate in\ninternal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a\nremote denial of service or code execution attack. (CVE-2017-14265)\n\nLibRaw before 0.18.4 has a heap-based Buffer Overflow in the\nprocessCanonCameraInfo function via a crafted file. (CVE-2017-14348)\n","modified":"2026-02-02T07:40:11.804313Z","published":"2017-10-05T20:08:40Z","related":["CVE-2017-13735","CVE-2017-14265","CVE-2017-14348"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0357.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21716"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2017-09/msg00099.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4OTWHVODHFROYHMCNRUAZHNZDBH7YSPO/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OPKCTEX7MK4ILYKIBQBK3VBM5U5CRJKK/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TVI7PQ5NTNFOL4EQTLNZOPGCDLKJKXST/"},{"type":"REPORT","url":"https://www.libraw.org/news/libraw-0-18-4"}],"affected":[{"package":{"name":"libraw","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libraw?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.16.2-1.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0357.json"}},{"package":{"name":"libraw","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libraw?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.18.5-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0357.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}