Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) can be exploited to trigger a division by zero via specially crafted NOKIARAW file. The vulnerabilities are confirmed in version 0.18.11. Prior versions may also be affected.
4613e82ee83759da6d65852d98e41add198de465ce0b423e487854f90211db04
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed