GLSA-201701-54 : DCRaw: Buffer overflow
Medium Nessus Plugin ID 96689
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201701-54 (DCRaw: Buffer overflow)
An integer overflow was discovered in the ljpeg_start function in DCRaw.
Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition.
There is no known workaround at this time.
SolutionAll DCRaw users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/dcraw-9.26.0'