SB2018071910 - Denial of service in libraw
Published: July 19, 2018 Updated: December 25, 2018
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-5809)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9. A remote attacker can trick the victim into processing a specially crafted input, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2018-5808)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the find_green() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.9. A remote attacker can trick the victim into processing a specially crafted input, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2018-5810)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to a boundary error within the rollei_load_raw() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.9. A local attacker can supply a specially crafted input, trigger a heap-based buffer overflow and cause the service to crash.
4) Infinite loop (CVE-ID: CVE-2018-5816)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to a divide by zero integer overflow condition in the identify() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.12. A remote attacker can trick the victim into processing a specially crafted NOKIARAW file, trigger an infinite loop condition and cause the service to crash.
5) Infinite loop (CVE-ID: CVE-2018-5815)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to an integer overflow condition in the parse_qt() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.12. A remote attacker can trick the victim into processing a specially crafted Apple QuickTime file, trigger an infinite loop condition and cause the service to crash.
6) NULL pointer dereference (CVE-ID: CVE-2018-5812)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input processed by the nikon_coolscan_load_raw() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.9. A local attacker can supply a specially crafted input, trigger a NULL pointer dereference and cause the service to crash.
7) Out-of-bounds read (CVE-ID: CVE-2018-5811)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to an out-of-bounds read condition in the nikon_coolscan_load_raw() function, as defined in the internal/dcraw_common.cpp source code file in LibRaw versions prior to 0.18.9. A local attacker can supply a specially crafted input and cause the service to crash.
8) Type confusion (CVE-ID: CVE-2018-5804)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to a type confusion error within the "identify()" function (internal/dcraw_common.cpp). A local attacker can supply a specially crafted input, trigger a divide-by-zero error and cause the service to crash.
9) Out-of-bounds read (CVE-ID: CVE-2018-5807)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to an out-of-bounds read condition within the "samsung_load_raw()" function (internal/dcraw_common.cpp). A local attacker can supply a specially crafted input and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-14/
- https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
- https://secuniaresearch.flexerasoftware.com/advisories/81000/
- https://secuniaresearch.flexerasoftware.com/advisories/81800/