what you don't know can hurt you

LibRaw 0.17 Overflow

LibRaw 0.17 Overflow
Posted Nov 30, 2015
Authored by ChenQin

LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.

tags | advisory, code execution
advisories | CVE-2015-8366, CVE-2015-8367
MD5 | 68c42759b64238be00dbd113405ac4a9

LibRaw 0.17 Overflow

Change Mirror Download
1. Overview
The LibRaw raw image decoder <= 0.17 has multi vulnerability to cause memory errors,which may cause code execution or other problems.Problems has been fixed in 0.17.1(www.libraw.org/news/libraw-0-17-1).

2.Descryption
Case CVE-2015-8366,Libraw smal_decode_segment function do not handle index carefully,which may cause index overflow.
Case CVE-2015-8367,Libraw phase_one_correct function do not handle memory object¡¯s initialization correctly,which may cause some other problems.

3.The Solution
patches for this problem that changes the default is available(git-format-patch).



4.Recommendations
We suggest you take one of the following actions, in order of preference:
A - Upgrade LibRaw to the latest(www.libraw.org/download)
B - Apply the patch to your version and rebuild

5.Vendor Status
- 2015/11/24 I discovered the memory error bug and reported to the info@libraw.org.
- 2015/11/25 The vendor response with the coordination and publish new release(www.libraw.org/news/libraw-0-17-1 <http://www.libraw.org/news/libraw-0-17-1>).
- 2015/11/26 Cve-id request to the cve-assign@mitre.org.
- 2015/11/27 Cve-id assigned,CVE-2015-8366 and CVE-2015-8367,Mailed Vendor.
- 2015/11/30 Publish to fulldisclosure@seclists.org.

6.Credit:
ChenQin <chenqin@topsec.com.cn> of Topsec Security Team(www.topsec.com.cn)
--
Huakong Mansion, 1 East Shangdi Road, Haidian District, Beijing,100085 CN


Login or Register to add favorites

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close