Information on source package libraw

Available versions

wheezy (security) | 0.14.6-2+deb7u3
jessie (security) | 0.16.0-9+deb8u3
stretch (security) | 0.17.2-6+deb9u1

Open issues

CVE-2018-5802 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
CVE-2018-5801 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
CVE-2018-5800 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
CVE-2017-16910 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed |
CVE-2017-16909 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed |
CVE-2017-14608 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In LibRaw through 0.18.4, an out of bounds read flaw related to ...
CVE-2017-14348 | fixed | fixed | vulnerable (no DSA) | fixed | fixed | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...
CVE-2017-14265 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...
CVE-2017-13735 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | There is a floating point exception in the kodak_radc_load_raw function ...
CVE-2013-2126 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Multiple double free vulnerabilities in the LibRaw::unpack function in ...
CVE-2013-1439 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...
CVE-2013-1438 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...

Resolved issues

CVE-2017-6887 | A boundary error within the "parse_tiff_ifd()" function ...
CVE-2017-6886 | An error within the "parse_tiff_ifd()" function ...
CVE-2015-8367 | Memory objects are not initialized properly
CVE-2015-8366 | Index overflow in smal_decode_segment
CVE-2015-3885 | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...
CVE-2013-2127 | Buffer overflow in the exposure correction code in LibRaw before ...

Security announcements

DSA / DLA | Description
DLA-1109-1 | libraw - security update
DSA-3950-1 | libraw - security update
DLA-1057-1 | libraw - security update
DLA-243-1 | libraw - security update

