Description
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 rpm rhel8 | | - | - |
rpm rhel7 | | - | - |
rpm rhel9 | | | 0:0.21.1-2.el9_8 |
 debian 11 | | =0.20.2-1 || =0.20.2-1+deb11u1 || =0.20.2-1+deb11u2 || =0.20.2-2 || =0.20.2-2.1 || =0.21.1-1 || =0.21.1-2 || =0.21.1-3 || =0.21.1-4 || =0.21.1-5 || =0.21.1-6 || =0.21.1-7 || =0.21.2-1 || =0.21.2-2 || =0.21.2-2.1 || =0.21.2-2.1~exp1 || =0.21.3-1 || =0.21.4-1 || =0.21.4-2 || =0.21.4-3~exp1 || =0.21.4-3~exp2 || =0.21.5b-1 || =0.22.0-1~exp1 || =0.22.1-1 || =0.22.1-1~exp1 || =0.22.1-1~exp2 | - |
debian 13 | | =0.21.4-2 || =0.21.4-3~exp1 || =0.21.4-3~exp2 || =0.21.5b-1 || =0.22.0-1~exp1 || =0.22.1-1 || =0.22.1-1~exp1 || =0.22.1-1~exp2 | - |
debian 14 | | =0.21.4-2 || =0.21.4-3~exp1 || =0.21.4-3~exp2 || =0.21.5b-1 || =0.22.0-1~exp1 || =0.22.1-1~exp1 || =0.22.1-1~exp2 || >=0 <0.22.1-1 | 0.22.1-1 |
debian 12 | | =0.20.2-2.1 || =0.20.2-2.1+deb12u1 || =0.21.1-1 || =0.21.1-2 || =0.21.1-3 || =0.21.1-4 || =0.21.1-5 || =0.21.1-6 || =0.21.1-7 || =0.21.2-1 || =0.21.2-2 || =0.21.2-2.1 || =0.21.2-2.1~exp1 || =0.21.3-1 || =0.21.4-1 || =0.21.4-2 || =0.21.4-3~exp1 || =0.21.4-3~exp2 || =0.21.5b-1 || =0.22.0-1~exp1 || =0.22.1-1 || =0.22.1-1~exp1 || =0.22.1-1~exp2 | - |
rpm rhel9.4 | | | 0:0.21.1-2.el9_4 |
rpm rhel9.6 | | | 0:0.21.1-2.el9_6 |
