LibRaw 0.17 Overflow

Credit: ChenQin
Risk: High
Local: Yes
Remote: No

1. Overview The LibRaw raw image decoder <= 0.17 has multi vulnerability to cause memory errors,which may cause code execution or other problems.Problems has been fixed in 0.17.1( 2.Descryption Case CVE-2015-8366,Libraw smal_decode_segment function do not handle index carefully,which may cause index overflow. Case CVE-2015-8367,Libraw phase_one_correct function do not handle memory object¡¯s initialization correctly,which may cause some other problems. 3.The Solution patches for this problem that changes the default is available(git-format-patch). 4.Recommendations We suggest you take one of the following actions, in order of preference: A - Upgrade LibRaw to the latest( B - Apply the patch to your version and rebuild 5.Vendor Status - 2015/11/24 I discovered the memory error bug and reported to the - 2015/11/25 The vendor response with the coordination and publish new release( <>). - 2015/11/26 Cve-id request to the - 2015/11/27 Cve-id assigned,CVE-2015-8366 and CVE-2015-8367,Mailed Vendor. - 2015/11/30 Publish to 6.Credit: ChenQin <> of Topsec Security Team( -- Huakong Mansion, 1 East Shangdi Road, Haidian District, Beijing,100085 CN

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top