LibRaw CVE-2018-5800 Heap Buffer Overflow Vulnerability

Bugtraq ID:	104663
Class:	Boundary Condition Error
CVE:	CVE-2018-5800
Remote:	Yes
Local:	No
Published:	Jun 30 2018 12:00AM
Updated:	Jun 30 2018 12:00AM
Credit:	Laurent Delosieres, Secunia Research at Flexera
Vulnerable:	Redhat Enterprise Linux 7 LibRaw LibRaw 0.18.6 LibRaw LibRaw 0.18.4 LibRaw LibRaw 0.18.3 LibRaw LibRaw 0.18.2 LibRaw LibRaw 0.18.1 LibRaw LibRaw 0.16.1 LibRaw LibRaw 0.16 LibRaw LibRaw 0.15.2 LibRaw LibRaw 0.15.1 LibRaw LibRaw 0.15 LibRaw LibRaw 0.14.7 LibRaw LibRaw 0.14.6 LibRaw LibRaw 0.14.5 LibRaw LibRaw 0.14.4 LibRaw LibRaw 0.14.2 LibRaw LibRaw 0.14 LibRaw LibRaw 0.13.5 LibRaw LibRaw 0.13.4 LibRaw LibRaw 0.13 LibRaw LibRaw 0.8 LibRaw LibRaw 0.17 LibRaw LibRaw 0.15.4 LibRaw LibRaw 0.15.3 LibRaw LibRaw 0.15 LibRaw LibRaw 0.14.3 LibRaw LibRaw 0.14.1 LibRaw LibRaw 0.13.8 LibRaw LibRaw 0.13.7 LibRaw LibRaw 0.13.6 LibRaw LibRaw 0.13.3 LibRaw LibRaw 0.13.2 LibRaw LibRaw 0.13.1 LibRaw LibRaw 0.13
Not Vulnerable:	LibRaw LibRaw 0.18.7

LibRaw CVE-2018-5800 Heap Buffer Overflow Vulnerability

LibRaw is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Versions prior to LibRaw 0.18.7 are vulnerable.

LibRaw CVE-2018-5800 Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

LibRaw CVE-2018-5800 Heap Buffer Overflow Vulnerability

References:

• 0.18.7 Changelog (Github)
  
• LibRaw Homepage (LibRaw)
  
• Bug 1553332 CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw (Redhat)
  
• CVE-2018-5800 (Redhat)