Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-1729

Source

Debian Bug report logs - #1036281
libraw: CVE-2023-1729

Package: src:libraw; Maintainer for src:libraw is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>;

Affects: darktable

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Thu, 18 May 2023 13:24:01 UTC

Severity: grave

Tags: security, upstream

Found in version libraw/0.20.2-2

Forwarded to https://github.com/LibRaw/LibRaw/issues/557

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#1036281; Package src:libraw. (Thu, 18 May 2023 13:24:03 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Thu, 18 May 2023 13:24:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: libraw
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libraw.

CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an application crash.

https://bugzilla.redhat.com/show_bug.cgi?id=2188240
https://github.com/LibRaw/LibRaw/issues/557
Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1729
    https://www.cve.org/CVERecord?id=CVE-2023-1729

Please adjust the affected versions in the BTS as needed.

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 18 May 2023 14:45:04 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://github.com/LibRaw/LibRaw/issues/557'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 18 May 2023 14:45:05 GMT) (full text, mbox, link).

Marked as found in versions libraw/0.20.2-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 18 May 2023 14:45:07 GMT) (full text, mbox, link).

Added indication that 1036281 affects darktable Request was from David Bremner <bremner@debian.org> to control@bugs.debian.org. (Thu, 18 May 2023 19:30:02 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri May 19 13:13:06 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

libraw: CVE-2023-1729

Debian Bug report logs - #1036281
libraw: CVE-2023-1729

Vulmon Search

About

Products

Connect

libraw: CVE-2023-1729

Debian Bug report logs - #1036281 libraw: CVE-2023-1729

Vulmon Search

About

Products

Connect

Debian Bug report logs - #1036281
libraw: CVE-2023-1729