dcraw-9.28.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11997 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dcraw-9.28.0-2.1 on GA media These are all security issues fixed in the dcraw-9.28.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11997 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11997 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-19566/ SUSE CVE CVE-2018-19566 page https://www.suse.com/security/cve/CVE-2018-19568/ SUSE CVE CVE-2018-19568 page https://www.suse.com/security/cve/CVE-2018-5805/ SUSE CVE CVE-2018-5805 page https://www.suse.com/security/cve/CVE-2018-5806/ SUSE CVE CVE-2018-5806 page https://www.suse.com/security/cve/CVE-2021-3624/ SUSE CVE CVE-2021-3624 page openSUSE Tumbleweed dcraw-9.28.0-2.1 dcraw-lang-9.28.0-2.1 dcraw-9.28.0-2.1 as a component of openSUSE Tumbleweed dcraw-lang-9.28.0-2.1 as a component of openSUSE Tumbleweed A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. CVE-2018-19566 openSUSE Tumbleweed:dcraw-9.28.0-2.1 openSUSE Tumbleweed:dcraw-lang-9.28.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19566.html CVE-2018-19566 https://bugzilla.suse.com/1117517 SUSE Bug 1117517 A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. CVE-2018-19568 openSUSE Tumbleweed:dcraw-9.28.0-2.1 openSUSE Tumbleweed:dcraw-lang-9.28.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19568.html CVE-2018-19568 https://bugzilla.suse.com/1117436 SUSE Bug 1117436 A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. CVE-2018-5805 openSUSE Tumbleweed:dcraw-9.28.0-2.1 openSUSE Tumbleweed:dcraw-lang-9.28.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5805.html CVE-2018-5805 https://bugzilla.suse.com/1097973 SUSE Bug 1097973 An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. CVE-2018-5806 openSUSE Tumbleweed:dcraw-9.28.0-2.1 openSUSE Tumbleweed:dcraw-lang-9.28.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5806.html CVE-2018-5806 https://bugzilla.suse.com/1097974 SUSE Bug 1097974 There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 openSUSE Tumbleweed:dcraw-9.28.0-2.1 openSUSE Tumbleweed:dcraw-lang-9.28.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3624.html CVE-2021-3624 https://bugzilla.suse.com/1189642 SUSE Bug 1189642