Main Vulnerability Database SB2018051033

SB2018051033 - Fedora 26 update for LibRaw

Published: May 10, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018051033

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2018-10529)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the X3F parser due to an out-of-bounds read condition in the X3F property table list implementation in the libraw_x3f.cpp and libraw_cxx.cppfiles. A local attacker can execute a specially crafted file and cause the service to crash.

2) Stack-based buffer overflow (CVE-ID: CVE-2018-10528)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the X3F parser due to a stack-based buffer overflow condition in the utf2char function, as defined in the libraw_cxx.cpp file. A local attacker can execute a specially crafted file and cause the service to crash.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2018-742a69ccc3