|
1 | 1 | 2018-12-24 Alex Tutubalin < [email protected]> |
2 | 2 | * Fixed possible buffer overrun at Fuji makernotes parser |
3 | | - * Fixed possible write to NULL pointer at raw2image/raw2image_ex |
4 | | - Notes: |
5 | | - a) For some unknown reasons, three CVE numbers was assigned |
6 | | - for one problem. CVEs are: CVE-2018-20363, CVE-2018-20364, CVE-2018-20365 |
7 | | - b) Most likely, LibRaw 0.19 is not subject of the problem, because |
8 | | - the problem is switched by this combination of conditions: |
9 | | - - data is extracted into full-color buffer |
10 | | - - while raw2image tries to use bayer buffer because filters is set. |
11 | | - This combination is only present in Sinar4Shot files, but LibRaw 0.19 |
12 | | - does not support these files, the support was introduced later. |
13 | | - |
14 | | - Meanwhile, additional check in raw2image[_ex] is not bad. |
| 3 | + * Fixed possible write to NULL pointer at raw2image/raw2image_ex calls. |
| 4 | + Details: |
| 5 | + a) Three different CVE numbers was assigned for single problem: |
| 6 | + CVE-2018-20363, CVE-2018-20364, CVE-2018-20365 |
| 7 | + b) The POCs exploits inconsistency in Sinar-4Shot files handling. |
| 8 | + LibRaw 0.19 does not support this files format, so it is not |
| 9 | + subject of exactly same problem |
| 10 | + c) However, additional checks for bayer raw data presence are |
| 11 | + backported from LibRaw-master (development) branch. |
15 | 12 |
|
16 | 13 | * LibRaw 0.19.2 |
17 | 14 |
|
|
0 commit comments