FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- denial of service and remote code execution

Affected packages
libraw < 0.18.3

Details

VuXML ID 4cd857d9-26d2-4417-b765-69701938f9e0
Discovery 2017-09-11
Entry 2017-09-26

libraw developers report:

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

References

CVE Name CVE-2017-14265
URL https://github.com/LibRaw/LibRaw/issues/99