[SECURITY] [DLA 3433-1] libraw security update

Debian LTS Advisory DLA-3433-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
May 27, 2023                                  https://wiki.debian.org/LTS

Package        : libraw
Version        : 0.19.2-2+deb10u3
CVE ID         : CVE-2021-32142 CVE-2023-1729
Debian Bug     : 1031790 1036281

Buffer Overflow vulnerabilities were found in libraw, a raw image
decoder library, which could lead to application crash or privilege


    A Buffer Overflow vulnerability was found in
    LibRaw_buffer_datastream::gets(char*, int), which could lead to
    privilege escalation or application crash.


    A heap-buffer-overflow was found in raw2image_ex(int), which may
    lead to application crash via a maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
