DCRaw: Buffer overflow — GLSA 201701-54

A buffer overflow in DCRaw might allow remote attackers to cause a Denial of Service condition.

Affected packages

media-gfx/dcraw on all architectures
Affected versions < 9.26.0
Unaffected versions >= 9.26.0

Background

Command-line decoder for raw digital photos.

Description

An integer overflow was discovered in the ljpeg_start function in DCRaw.

Impact

Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All DCRaw users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/dcraw-9.26.0"
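
To confirm whether a host still has an affected version installed, before or after the upgrade, the following added example (not part of the advisory or of Gentoo's own tooling) reads the Portage installed-package database and compares what it finds against 9.26.0. The /var/db/pkg location, the function names and the use of GNU `sort -V` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Gentoo host for GLSA 201701-54 (media-gfx/dcraw < 9.26.0).
FIXED_VERSION="9.26.0"               # first unaffected version, per the advisory
VDB_ROOT="${VDB_ROOT:-/var/db/pkg}"  # assumed Portage installed-package database path

# Strip a Gentoo revision suffix (-r1, -r2, ...) so only the upstream version is compared.
strip_revision() {
    printf '%s\n' "$1" | sed 's/-r[0-9][0-9]*$//'
}

# Return 0 (affected) when the version sorts strictly below FIXED_VERSION.
# Relies on GNU sort -V for version ordering.
dcraw_is_affected() {
    ver=$(strip_revision "$1")
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# Print every installed dcraw version recorded in the VDB, one per line.
installed_dcraw_versions() {
    for dir in "$VDB_ROOT"/media-gfx/dcraw-[0-9]*; do
        [ -d "$dir" ] || continue   # glob did not match: package not installed
        basename "$dir" | sed 's/^dcraw-//'
    done
}

# Report each installed version; return 1 if any falls in the affected range.
audit_dcraw() {
    status=0
    for v in $(installed_dcraw_versions); do
        if dcraw_is_affected "$v"; then
            echo "AFFECTED: media-gfx/dcraw-$v (< $FIXED_VERSION)"
            status=1
        else
            echo "ok: media-gfx/dcraw-$v"
        fi
    done
    return $status
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_dcraw
fi
```

Run with `--audit`; a non-zero exit status means an affected version is still installed.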
 

References

Release date
January 23, 2017

Latest revision
January 23, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries