Debian Package Tracker

libraw

general
  • source: libraw (main)
  • version: 0.20.2-1
  • maintainer: Debian PhotoTools Maintainers (archive) (DMD)
  • uploaders: Matteo F. Vescovi [DMD]
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.16.0-9+deb8u3
  • o-o-sec: 0.16.0-9+deb8u4
  • oldstable: 0.17.2-6+deb9u1
  • old-sec: 0.17.2-6+deb9u1
  • stable: 0.19.2-2
  • testing: 0.20.2-1
  • unstable: 0.20.2-1
versioned links
  • 0.16.0-9+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.16.0-9+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.17.2-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.19.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.20.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libraw-bin
  • libraw-dev
  • libraw-doc
  • libraw20
action needed
lintian reports 2 warnings (severity: normal)
Lintian reports 2 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-09-21 Last update: 2020-09-21 06:03
31 ignored security issues in stretch (severity: low)
There are 31 open security issues in stretch.
31 issues skipped by the security teams:
  • CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
  • CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
  • CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
  • CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
  • CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
  • CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
  • CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
  • CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
  • CVE-2018-20337: There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
  • CVE-2018-20363: LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
  • CVE-2018-20364: LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
  • CVE-2018-20365: LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
  • CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
  • CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
  • CVE-2018-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
  • CVE-2018-5804: A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
  • CVE-2018-5805: A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
  • CVE-2018-5806: An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
  • CVE-2018-5807: An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
  • CVE-2018-5808: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
  • CVE-2018-5809: An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
  • CVE-2018-5810: An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
  • CVE-2018-5811: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
  • CVE-2018-5812: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
  • CVE-2018-5813: An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
  • CVE-2018-5815: An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
  • CVE-2018-5817: A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
  • CVE-2018-5818: An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
  • CVE-2018-5819: An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
  • CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
  • CVE-2020-24889: A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Please fix them.
Created: 2017-09-05 Last update: 2020-11-25 07:04
2 ignored security issues in buster (severity: low)
There are 2 open security issues in buster.
2 issues skipped by the security teams:
  • CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
  • CVE-2020-24889: A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Please fix them.
Created: 2020-07-03 Last update: 2020-11-25 07:04
Standards version of the package is outdated (severity: wishlist)
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
  • [2020-10-22] libraw 0.20.2-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-19] Accepted libraw 0.20.2-1 (source) into unstable (Matteo F. Vescovi)
  • [2020-08-21] libraw 0.20.0-4 MIGRATED to testing (Debian testing watch)
  • [2020-08-18] Accepted libraw 0.20.0-4 (source) into unstable (Matteo F. Vescovi)
  • [2020-08-04] Accepted libraw 0.20.0-3 (source) into experimental (Matteo F. Vescovi)
  • [2020-08-04] Accepted libraw 0.20.0-2 (source) into experimental (Matteo F. Vescovi)
  • [2020-08-04] Accepted libraw 0.20.0-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Matteo F. Vescovi)
  • [2019-08-31] libraw 0.19.5-1 MIGRATED to testing (Debian testing watch)
  • [2019-08-28] Accepted libraw 0.19.5-1 (source) into unstable (Matteo F. Vescovi)
  • [2019-08-12] libraw 0.19.4-1 MIGRATED to testing (Debian testing watch)
  • [2019-08-09] Accepted libraw 0.19.4-1 (source) into unstable (Matteo F. Vescovi)
  • [2019-07-14] libraw 0.19.3-1 MIGRATED to testing (Debian testing watch)
  • [2019-07-11] Accepted libraw 0.19.3-1 (source) into unstable (Matteo F. Vescovi)
  • [2019-03-28] Accepted libraw 0.16.0-9+deb8u4 (source amd64 all) into oldstable (Thorsten Alteholz)
  • [2019-01-13] libraw 0.19.2-2 MIGRATED to testing (Debian testing watch)
  • [2019-01-10] Accepted libraw 0.19.2-2 (source) into unstable (Matteo F. Vescovi)
  • [2018-12-30] libraw 0.19.2-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-27] Accepted libraw 0.19.2-1 (source) into unstable (Matteo F. Vescovi)
  • [2018-12-19] libraw 0.19.1-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-16] Accepted libraw 0.19.1-1 (source) into unstable (Matteo F. Vescovi)
  • [2018-11-12] libraw 0.19.0-4 MIGRATED to testing (Debian testing watch)
  • [2018-11-09] Accepted libraw 0.19.0-4 (source) into unstable (Matteo F. Vescovi)
  • [2018-08-31] libraw 0.19.0-3 MIGRATED to testing (Debian testing watch)
  • [2018-08-28] Accepted libraw 0.19.0-3 (source) into unstable (Matteo F. Vescovi)
  • [2018-07-26] Accepted libraw 0.19.0-2 (source) into experimental (Matteo F. Vescovi)
  • [2018-07-23] Accepted libraw 0.19.0-1 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
  • [2018-07-16] libraw 0.18.13-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-12] Accepted libraw 0.18.13-1 (source) into unstable (Matteo F. Vescovi)
  • [2018-06-01] libraw 0.18.11-1 MIGRATED to testing (Debian testing watch)
  • [2018-05-29] Accepted libraw 0.18.11-1 (source) into unstable (Matteo F. Vescovi)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 0.19.5-1ubuntu1
  • 2 bugs
  • patches for 0.19.5-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers