FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- index overflow in smal_decode_segment

Affected packages
libraw < 0.17.1

Details

VuXML ID db04bf07-9cc8-11e5-8c2b-c335fa8985d7
Discovery 2015-11-30
Entry 2015-12-07

ChenQin reports:

The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems.

In CVE-2015-8366, LibRaw's smal_decode_segment function does not handle indexes carefully, which can cause an index overflow.

[source]

References

CVE Name CVE-2015-8366
Message http://seclists.org/fulldisclosure/2015/Nov/108
URL http://www.libraw.org/news/libraw-0-17-1
URL https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.