Debian DLA-2903-1 : libraw - LTS security update

critical Nessus Plugin ID 158247

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2903 advisory.

- In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14608)

- An error related to the LibRaw::panasonic_load_raw() function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. (CVE-2017-16909)

- An error within the LibRaw::xtrans_interpolate() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. (CVE-2017-16910)

- LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20363)

- LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20364)

- LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. (CVE-2018-20365)

- An off-by-one error within the LibRaw::kodak_ycbcr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (CVE-2018-5800)

- An error within the LibRaw::unpack() function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5801)

- An error within the kodak_radc_load_raw() function (internal/dcraw_common.cpp) related to the buf variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5802)

- A type confusion error within the identify() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. (CVE-2018-5804)

- A boundary error within the quicktake_100_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. (CVE-2018-5805)

- An error within the leaf_hdr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

- An error within the samsung_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5807)

- An error within the find_green() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. (CVE-2018-5808)

- An error within the rollei_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (CVE-2018-5810)

- An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5811)

- An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5812)

- An error within the parse_minolta() function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. (CVE-2018-5813)

- An integer overflow error within the parse_qt() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. (CVE-2018-5815)

- A type confusion error within the unpacked_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. (CVE-2018-5817)

- An error within the parse_rollei() function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. (CVE-2018-5818)

- An error within the parse_sinar_ia() function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. (CVE-2018-5819)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the libraw packages.

For Debian 9 stretch, these problems have been fixed in version 0.17.2-6+deb9u2.

See Also

https://security-tracker.debian.org/tracker/source-package/libraw

https://www.debian.org/lts/security/2022/dla-2903

https://security-tracker.debian.org/tracker/CVE-2017-14608

https://security-tracker.debian.org/tracker/CVE-2017-16909

https://security-tracker.debian.org/tracker/CVE-2017-16910

https://security-tracker.debian.org/tracker/CVE-2018-20363

https://security-tracker.debian.org/tracker/CVE-2018-20364

https://security-tracker.debian.org/tracker/CVE-2018-20365

https://security-tracker.debian.org/tracker/CVE-2018-5800

https://security-tracker.debian.org/tracker/CVE-2018-5801

https://security-tracker.debian.org/tracker/CVE-2018-5802

https://security-tracker.debian.org/tracker/CVE-2018-5804

https://security-tracker.debian.org/tracker/CVE-2018-5805

https://security-tracker.debian.org/tracker/CVE-2018-5806

https://security-tracker.debian.org/tracker/CVE-2018-5807

https://security-tracker.debian.org/tracker/CVE-2018-5808

https://security-tracker.debian.org/tracker/CVE-2018-5810

https://security-tracker.debian.org/tracker/CVE-2018-5811

https://security-tracker.debian.org/tracker/CVE-2018-5812

https://security-tracker.debian.org/tracker/CVE-2018-5813

https://security-tracker.debian.org/tracker/CVE-2018-5815

https://security-tracker.debian.org/tracker/CVE-2018-5817

https://security-tracker.debian.org/tracker/CVE-2018-5818

https://security-tracker.debian.org/tracker/CVE-2018-5819

https://packages.debian.org/source/stretch/libraw

Plugin Details

Severity: Critical

ID: 158247

File Name: debian_DLA-2903.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2/22/2022

Updated: 11/7/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-5810

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-14608

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libraw-bin, p-cpe:/a:debian:debian_linux:libraw-dev, p-cpe:/a:debian:debian_linux:libraw-doc, p-cpe:/a:debian:debian_linux:libraw15, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2022

Vulnerability Publication Date: 9/20/2017

Reference Information

CVE: CVE-2017-14608, CVE-2017-16909, CVE-2017-16910, CVE-2018-20363, CVE-2018-20364, CVE-2018-20365, CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5804, CVE-2018-5805, CVE-2018-5806, CVE-2018-5807, CVE-2018-5808, CVE-2018-5810, CVE-2018-5811, CVE-2018-5812, CVE-2018-5813, CVE-2018-5815, CVE-2018-5817, CVE-2018-5818, CVE-2018-5819