SB2019013131 - NULL pointer dereference in libraw (Alpine package)
Published: January 31, 2019
Security Bulletin ID
SB2019013131
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-20363)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libraw_cxx.cpp in. A remote attacker can trick the victim into opening a specially crafted input and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=502e9bf832496cc7fc8c340efe91cc4e499ddce4
- https://git.alpinelinux.org/aports/commit/?id=b27c83e867672f156275bc3cfa885d43a3d6d905
- https://git.alpinelinux.org/aports/commit/?id=5e4cae1db90de2455843fe67285e3177c6085189
- https://git.alpinelinux.org/aports/commit/?id=161149cf67645cc10d73766ac31dcf11973e8d83
- https://git.alpinelinux.org/aports/commit/?id=cba9db72423fbb58598391ac61688df954bc28f8
- https://git.alpinelinux.org/aports/commit/?id=8d15414054edbac12753bac5da6407d74dd3685f
- https://git.alpinelinux.org/aports/commit/?id=05a331f304053189c9441f1756d47b8463e324c9