PT-2017-4262 · Libraw+2 · Libraw+2
Fgeeko
+1
·
Publicado
2017-09-12
·
Atualizado
2024-06-15
·
CVE-2017-14348
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LibRaw versions prior to 0.18.4
Description
The issue is related to a heap-based Buffer Overflow in the
processCanonCameraInfo function, which can be triggered by a crafted file. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.Recommendations
For versions prior to 0.18.4, update to version 0.18.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
processCanonCameraInfo function until a patch is available. Avoid using LibRaw to process untrusted or crafted files until the issue is resolved.Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Libraw
Ubuntu