Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0160
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0160)
Summary: The remote host is missing an update for the 'dcraw' package(s) announced via the MGASA-2022-0160 advisory.

Description:

Vulnerability Insight:

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19565)

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. (CVE-2018-19566)

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19567)

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19568)

A boundary error within the 'quicktake_100_load_raw()' function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. (CVE-2018-5805)

An error within the 'leaf_hdr_load_raw()' function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. (CVE-2021-3624)

Affected Software/OS: 'dcraw' package(s) on Mageia 8.

Solution: Please install the updated package(s).

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2018-19565
https://seclists.org/oss-sec/2018/q4/165
https://seclists.org/oss-sec/2018/q4/171

Common Vulnerability Exposure (CVE) ID: CVE-2018-19566

Common Vulnerability Exposure (CVE) ID: CVE-2018-19567

Common Vulnerability Exposure (CVE) ID: CVE-2018-19568

Common Vulnerability Exposure (CVE) ID: CVE-2018-5805
https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/
RedHat Security Advisories: RHSA-2018:3065
https://access.redhat.com/errata/RHSA-2018:3065
https://secuniaresearch.flexerasoftware.com/advisories/81000/

Common Vulnerability Exposure (CVE) ID: CVE-2018-5806

Common Vulnerability Exposure (CVE) ID: CVE-2021-3624
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761

Copyright: Copyright (C) 2022 Greenbone AG