FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libraw -- memory objects not properly initialized

Affected packages
libraw < 0.17.1

Details

VuXML ID: 6bc6eed2-9cca-11e5-8c2b-c335fa8985d7
Discovery: 2015-11-30
Entry: 2015-12-07

ChenQin reports:

The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems.

In CVE-2015-8367, LibRaw's phase_one_correct function does not handle memory initialization correctly, which may cause other problems.

References

CVE Name: CVE-2015-8367
Message: http://seclists.org/fulldisclosure/2015/Nov/108
URL: http://www.libraw.org/news/libraw-0-17-1
URL: https://github.com/LibRaw/LibRaw/commit/490ef94d1796f730180039e80997efe5c58db780