Package "libraw"

Name: libraw


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • raw image decoder library (tools)

Latest version: 0.15.4-1ubuntu0.3
Release: trusty (14.04)
Level: security
Repository: universe


Other versions of "libraw" in Trusty

Repository Area Version
security main 0.15.4-1ubuntu0.3
updates universe 0.15.4-1ubuntu0.3
updates main 0.15.4-1ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Version: 0.15.4-1ubuntu0.3 2018-12-06 04:06:18 UTC

  libraw (0.15.4-1ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple memory management issues
    - debian/patches/CVE-2018-5807_5810.patch: out-of-bounds read and NULL
      pointer dereference in dcraw/dcraw.c and internal/dcraw_common.cpp
    - CVE-2018-5807
    - CVE-2018-5810
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
      and internal/dcraw_common.cpp
    - CVE-2018-5813

 -- Alex Murray <email address hidden> Wed, 05 Dec 2018 13:54:32 +1030

Source diff to previous version
CVE-2018-5807 out-of-bounds read in samsung_load_raw internal/dcraw_common.cpp
CVE-2018-5810 heap-based buffer overflow in rollei_load_raw internal/dcraw_common.cpp
CVE-2018-5813 infinite loop in the parse_minolta function in dcraw/dcraw.c

Version: 0.15.4-1ubuntu0.2 2018-04-03 20:06:19 UTC

  libraw (0.15.4-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in panasonic_load_raw
    - debian/patches/CVE-2017-16909.patch: add more bounds checking to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h.
    - CVE-2017-16909
  * SECURITY UPDATE: invalid read in xtrans_interpolate
    - debian/patches/CVE-2017-16910.patch: add checks and proper
      initialization to dcraw/dcraw.c.
    - CVE-2017-16910
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2018-580x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, src/libraw_cxx.cpp.
    - CVE-2018-5800
    - CVE-2018-5801
    - CVE-2018-5802
  * SECURITY UPDATE: image size and alloc issues
    - debian/patches/security_0.18.8_1.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h,
    - No CVE number
  * SECURITY UPDATE: Secunia #81000 security issues
    - debian/patches/security_0.18.8_2.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Fri, 30 Mar 2018 10:11:50 -0400

Source diff to previous version
CVE-2018-5800 Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
CVE-2018-5801 NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
CVE-2018-5802 Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp

Version: 0.15.4-1ubuntu0.1 2017-11-22 21:06:49 UTC

  libraw (0.15.4-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in ljpeg_start
    - debian/patches/CVE-2015-3885.patch: use ushort in dcraw/dcraw.c,
    - CVE-2015-3885
  * SECURITY UPDATE: index overflow and lack of initialization
    - debian/patches/CVE-2015-836x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, add proper initialization to
    - CVE-2015-8366
    - CVE-2015-8367
  * SECURITY UPDATE: memory corruption in parse_tiff_ifd
    - debian/patches/CVE-2017-688x.patch: add checks to dcraw/dcraw.c,
    - CVE-2017-6886
    - CVE-2017-6887
  * SECURITY UPDATE: floating point exception in kodak_radc_load_raw
    - debian/patches/CVE-2017-13735.patch: add checks to dcraw/dcraw.c,
    - CVE-2017-13735
  * SECURITY UPDATE: buffer overflow in xtrans_interpolate
    - debian/patches/CVE-2017-14265.patch: add checks to dcraw/dcraw.c.
    - CVE-2017-14265
  * SECURITY UPDATE: out of bounds read in kodak_65000_load_raw
    - debian/patches/CVE-2017-14608.patch: add checks to dcraw/dcraw.c,
    - CVE-2017-14608

 -- Marc Deslauriers <email address hidden> Thu, 16 Nov 2017 14:15:58 -0500

CVE-2015-3885 Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted ima
CVE-2015-8366 Index overflow in smal_decode_segment
CVE-2015-8367 Memory objects are not intialized properly
CVE-2017-6886 An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
CVE-2017-6887 A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memo
CVE-2017-13735 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of serv
CVE-2017-14265 A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote deni
CVE-2017-14608 In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp

About   -   Send Feedback to @ubuntu_updates