Date: Mon, 10 Jun 2013 12:16:42 +0200
From: Alexander Bergmann <abergmann@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libraw: multiple issues

On Tue, Jun 04, 2013 at 03:51:14PM +0200, Raphael Geissert wrote:
> Hi again,
> 
> On 29 May 2013 20:00, Kurt Seifried <kseifried@...hat.com> wrote:
> > On 05/29/2013 03:18 AM, Raphael Geissert wrote:
> >> On 28 May 2013 19:58, Kurt Seifried <kseifried@...hat.com> wrote:
> >>> On 05/28/2013 02:43 AM, Raphael Geissert wrote:
> >>>> So there's a double-free (fixed in 0.15.2[3])
> >>
> >> https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
> >
> > Please use CVE-2013-2126 for this issue.
> 
> FWIW, I've noticed that libkdcraw and darktable embed copies of libraw
> that are vulnerable to the double free.

In which libraw version was this problem actually introduced?

darktable uses embedded libraw 0.14.7
libkdcraw uses embedded libraw 0.15.0

I found a commit that introduced the "// allocate image as temporary 
buffer, size" stuff within commit 1a8e92ff, and that was part of 0.14.0.


Regards,
Alex

-- 
Alexander Bergmann <abergmann@...e.com>
Security Software Engineer
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)

