A buffer overread in LibRaw might allow an attacker to cause denial of service.
|Package||media-libs/libraw on all architectures|
|Affected versions||< 0.20.2|
|Unaffected versions||>= 0.20.2|
LibRaw is a library for reading RAW files obtained from digital photo cameras.
LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service.
An attacker capable of providing crafted input to LibRaw could trigger denial of service.
There is no known workaround at this time.
All LibRaw users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.2"
August 10, 2022
August 10, 2022: 1