SB2017122805 - Out-of-bounds read in libraw (Alpine package)
Published: December 28, 2017
Security Bulletin ID: SB2017122805
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2017-16910)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to incorrect handling of photo files. A local attacker can send specially crafted files, trigger an invalid memory read in the LibRaw::xtrans_interpolate() function and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5e4cae1db90de2455843fe67285e3177c6085189
- https://git.alpinelinux.org/aports/commit/?id=161149cf67645cc10d73766ac31dcf11973e8d83
- https://git.alpinelinux.org/aports/commit/?id=cba9db72423fbb58598391ac61688df954bc28f8
- https://git.alpinelinux.org/aports/commit/?id=8d15414054edbac12753bac5da6407d74dd3685f
- https://git.alpinelinux.org/aports/commit/?id=05a331f304053189c9441f1756d47b8463e324c9
- https://git.alpinelinux.org/aports/commit/?id=7ad00f095f665792e9c615fb0012062026176e87
- https://git.alpinelinux.org/aports/commit/?id=e1814d98e65724fda7289734e3a3624ae2c74747