oss-sec mailing list archives

dcraw and CVE-2015-8366 + CVE-2015-8367


From: Ben Woods <woodsb02 () gmail com>
Date: Sun, 16 Oct 2016 00:50:36 +0800

Hi Dave,

I was wondering if you could comment on whether dcraw is affected by these
2 CVEs and whether new versions have been released which remove the
vulnerability?

I noticed you mentioned in the mailing list post below that "CVE-2015-8366
will be fixed in v9.27" - did that end up getting fixed in 9.27? How about
CVE-2015-83667?
http://seclists.org/oss-sec/2016/q1/526

CVE-2015-8366
Index overflow in smal_decode_segment
Fixed in LibRaw by:
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2


CVE-2015-8367
Memory objects are not initialized properly
Fixed in LibRaw by:
https://github.com/LibRaw/LibRaw/commit/490ef94d1796f730180039e80997efe5c58db780


Thanks for your help.

Regards,
Ben

--
From: Benjamin Woods
woodsb02 () gmail com
