LibRaw: Multiple vulnerabilities — GLSA 201701-60

Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code.

Affected Packages

media-libs/libraw on all architectures
Affected versions < 0.17.1
Unaffected versions >= 0.17.1

Background

LibRaw is a library for reading RAW files obtained from digital photo cameras.

Description

Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details.

Impact

An attacker could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All LibRaw users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.17.1"
 

References

Release Date
January 24, 2017

Latest Revision
April 30, 2017: 2

Severity
normal

Exploitable
local, remote

Bugzilla entries