SB2019013133 - Heap-based buffer overflow in libraw (Alpine package)
Published: January 31, 2019
Security Bulletin ID
SB2019013133
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2018-20365)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in libraw_cxx.cpp. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and perform DoS attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5e4cae1db90de2455843fe67285e3177c6085189
- https://git.alpinelinux.org/aports/commit/?id=161149cf67645cc10d73766ac31dcf11973e8d83
- https://git.alpinelinux.org/aports/commit/?id=cba9db72423fbb58598391ac61688df954bc28f8
- https://git.alpinelinux.org/aports/commit/?id=8d15414054edbac12753bac5da6407d74dd3685f
- https://git.alpinelinux.org/aports/commit/?id=05a331f304053189c9441f1756d47b8463e324c9