Package: libraw / 0.14.6-2+deb7u1

Metadata

Package Version Patches format
libraw 0.14.6-2+deb7u1 3.0 (quilt)

Patch series

Patch File delta Description
0001 Fix_CVE 2015 3885.patch

dcraw/dcraw.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 fix_cve-2015-3885

Avoid overflowing array

When reading raw image files containing lossless JPEG data, headers could be
manipulated to make the signed int variable 'len' negative which specifies
how much actual data follows. Interpreted as unsigned, this could lead to
reading file data past the 64k boundary of the array used for storing it.
To avoid that, make 'len' unsigned short, and bail out early if its value
would become invalid (i.e. <= 0).

Signed-off-by: Matteo F. Vescovi <mfv@debian.org>

Git-Dch: Short
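
The length handling described in the patch description above, as an added illustration that is not the dcraw.c code or the Debian patch itself. The function names, the buffer name and the sample bytes are hypothetical and constructed for this example; the segment layout assumed is the JPEG one, a 2-byte marker followed by a 2-byte big-endian length that counts its own two bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF_SIZE 0x10000  /* the 64k storage array the description mentions */

/* What a signed 'len' becomes once a read call takes it as size_t:
 * a declared length of 0 gives len = -2, i.e. SIZE_MAX - 1 bytes requested. */
size_t len_as_unsigned(unsigned declared)
{
    int len = (int)declared - 2;   /* signed arithmetic, the flawed pattern */
    return (size_t)len;
}

/* Hardened read of one segment from an in-memory file image.
 * Returns the payload length, or -1 to bail out early. */
long read_segment(const uint8_t *in, size_t in_len, uint8_t out[SEG_BUF_SIZE])
{
    if (in_len < 4) return -1;                  /* header truncated */
    unsigned declared = (unsigned)in[2] << 8 | in[3];
    if (declared <= 2) return -1;               /* len would be <= 0 */
    uint16_t len = (uint16_t)(declared - 2);    /* 1..65533, fits the array */
    if (len > in_len - 4) return -1;            /* payload truncated */
    memcpy(out, in + 4, len);
    return (long)len;
}

/* Constructed sample inputs, not taken from any real file. */
static const uint8_t seg_ok[]  = { 0xFF, 0xC4, 0x00, 0x05, 'a', 'b', 'c' };
static const uint8_t seg_bad[] = { 0xFF, 0xC4, 0x00, 0x00, 'a', 'b', 'c' };
static uint8_t storage[SEG_BUF_SIZE];

long demo_ok(void)  { return read_segment(seg_ok,  sizeof seg_ok,  storage); }
long demo_bad(void) { return read_segment(seg_bad, sizeof seg_bad, storage); }

int main(void)
{
    printf("len = -2 seen as size_t: %zu\n", len_as_unsigned(0));
    printf("valid segment: %ld, zero-length header: %ld\n", demo_ok(), demo_bad());
    return 0;
}
```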