rpms/LibRaw
7
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2017-14348

Browse Source
This commit is contained in:
Gwyn Ciesla 2017-09-15 09:28:31 -05:00
parent 84347a5892
commit 3fbdcce34b
2 changed files with 76 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
LibRaw.spec
View File

@ -1,7 +1,7 @@
Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw
Version: 0.18.4
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv3+
Group: Development/Libraries
URL: http://www.libraw.org
@ -14,7 +14,7 @@ Source1: http://www.libraw.org/data/%{name}-demosaic-pack-GPL2-%{version}.tar.gz
Source2: http://www.libraw.org/data/%{name}-demosaic-pack-GPL3-%{version}.tar.gz
Patch0: LibRaw-0.6.0-pkgconfig.patch
Patch1: LibRaw-0.17.1-CVE-2015-8366-8367.patch
#Patch2: radc_divbyzero.patch
Patch2: d13e8f6d1e987b7491182040a188c16a395f1d21.patch
Provides: bundled(dcraw) = 9.25
@ -56,7 +56,7 @@ LibRaw sample programs
%patch0 -p0 -b .pkgconfig
%patch1 -p1 -b .CVE-2015-8366
#%patch2 -p1 -b .CVE-2017-13735
%patch2 -p1 -b .CVE-2017-14348
%build
%configure --enable-examples=yes --enable-jasper --enable-lcms \
@ -105,6 +105,9 @@ make install DESTDIR=%{buildroot}
%postun -p /sbin/ldconfig
%changelog
* Fri Sep 15 2017 Gwyn Ciesla <limburgher@gmail.com> - 0.18.4-2
- Patch for CVE-2017-14348.
* Tue Sep 12 2017 Gwyn Ciesla <limburgher@gmail.com> - 0.18.4-1
- 0.18.4

70
d13e8f6d1e987b7491182040a188c16a395f1d21.patch Normal file
View File

@ -0,0 +1,70 @@
From d13e8f6d1e987b7491182040a188c16a395f1d21 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Wed, 13 Sep 2017 09:31:01 +0300
Subject: [PATCH] CVE-2017-1438 credits; fix for Kodak 65000 out of bounds
access
---
Changelog.txt | 6 +++++-
dcraw/dcraw.c | 11 +++++++++--
internal/dcraw_common.cpp | 11 +++++++++--
3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/Changelog.txt b/Changelog.txt
index 95bdc952..9b247882 100755
--- a/Changelog.txt
+++ b/Changelog.txt
@@ -1,5 +1,9 @@
+2017-09-13 Alex Tutubalin <lexa@lexa.ru>
+ * Fixed possible out of bound access in Kodak 6500 loader
+
2017-09-12 Alex Tutubalin <lexa@lexa.ru>
- * Fix for possible heap overrun in Canon makernotes parser
+ * CVE-2017-14348: Fix for possible heap overrun in Canon makernotes parser
+ Credit: Henri Salo from Nixu Corporation
* LibRaw 0.18.4
2017-09-09 Alex Tutubalin <lexa@lexa.ru>
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 18bcdbcb..8fb2b073 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -3240,8 +3240,15 @@ void CLASS kodak_65000_load_raw()
len = MIN (256, width-col);
ret = kodak_65000_decode (buf, len);
for (i=0; i < len; i++)
- if ((RAW(row,col+i) = curve[ret ? buf[i] :
- (pred[i & 1] += buf[i])]) >> 12) derror();
+ {
+ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+ if(idx >=0 && idx <= 0xffff)
+ {
+ if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+ }
+ else
+ derror();
+ }
}
}
}
--- LibRaw-0.18.4/dcraw/dcraw.c~ 2017-09-15 09:17:55.000000000 -0500
+++ LibRaw-0.18.4/dcraw/dcraw.c 2017-09-15 09:20:29.532287605 -0500
@@ -2589,8 +2589,16 @@
len = MIN (256, width-col);
ret = kodak_65000_decode (buf, len);
for (i=0; i < len; i++)
- if ((RAW(row,col+i) = curve[ret ? buf[i] :
- (pred[i & 1] += buf[i])]) >> 12) derror();
+ {
+ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+ if(idx >=0 && idx <= 0xffff)
+ {
+ if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+ }
+ else
+ derror();
+ }
+
}
}