{"id":"MGASA-2020-0157","summary":"Updated dcraw packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nThere is a floating point exception in the kodak_radc_load_raw function\nin dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial\nof service attack. (CVE-2017-13735)\n\nIn LibRaw through 0.18.4, an out of bounds read flaw related to\nkodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/\ndcraw_common.cpp. An attacker could possibly exploit this flaw to\ndisclose potentially sensitive memory or cause an application crash.\n(CVE-2017-14608)\n\nA stack-based buffer overflow in the find_green() function of dcraw\nthrough 9.28, as used in ufraw-batch and many other products, may allow\na remote attacker to cause a control-flow hijack, denial-of-service, or\nunspecified other impact via a maliciously crafted raw photo file.\n(CVE-2018-19655)\n","modified":"2026-04-16T00:11:21.096571855Z","published":"2020-04-03T22:53:32Z","upstream":["CVE-2017-13735","CVE-2017-14608","CVE-2018-19655"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0157.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26406"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21757"}],"affected":[{"package":{"name":"dcraw","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/dcraw?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.28.0-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0157.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}