ALAS2-2023-2256 --- LibRaw
ID: oval:org.secpod.oval:def:1701631 | Date: (C)2023-10-26 (M)2024-01-02
Class: PATCH | Family: unix
Buffer overflow vulnerability in the LibRaw::stretch function in libraw\src\postprocessing\aspect_ratio.cpp. In LibRaw, there is an out-of-bounds write vulnerability within the "new_node" function that can be triggered via a crafted X3F file. In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff function when reading data from an image file. In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row" function, which can be triggered via an image with a large row_stride field. Buffer overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via LibRaw_buffer_datastream::gets in /src/libraw/src/libraw_datastream.cpp.