Security
Security
A buffer overread in LibRaw might allow an attacker to cause denial of service.
| Package | media-libs/libraw on all architectures |
|---|---|
| Affected versions | < 0.20.2 |
| Unaffected versions | >= 0.20.2 |
LibRaw is a library for reading RAW files obtained from digital photo cameras.
LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service.
An attacker capable of providing crafted input to LibRaw could trigger denial of service.
There is no known workaround at this time.
All LibRaw users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.2"
Release date
August 10, 2022
Latest revision
August 10, 2022: 1
Severity
low
Exploitable
remote
Bugzilla entries