New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A Stack Buffer Overflow was discovered in internal/dcraw_common.cpp #99
Comments
|
You have not attach crash-xtrans_interpolate-stack-overflow file |
|
Meanwhile this patch should help |
|
@LibRaw sorry, here it is |
|
Thanks a log. Unfortunately 1st patch does not solve this problem (but will solve another one). |
|
This was assigned CVE-2017-14265 |
|
Hello there! Is there any fix available for this issue? tks in advance! |
|
It was fixed in 0.18.3 |
|
What is the commit that fix it, do you know? |
|
this one: 82616ef |
|
In this commit has info about CVE-2017-13735 not CVE-2017-14265. Can I suppose it fix both? tks! |
|
There are two lines in Changelog related to 0.18.3:
|
A Stack Buffer Overflow was discovered in
internal/dcraw_common.cpp:5685(LibRaw::xtrans_interpolate). It could allow remote denial of serviceand code execution attack.
command to reproduce:
./simple_dcraw crash-xtrans_interpolate-stack-overflowthe latest version is vulnerable. other versions may also be affected.
the sanitizer output:
in
internal/dcraw_common.cpp:5688 (xtrans_interpolate), color was defined as:with the input testcase in gdb, we could see that the
his 3, which leads stack overflowThe text was updated successfully, but these errors were encountered: