OESA-2024-2365
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2365
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2365.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-2365
- Upstream
- Published
- 2024-11-08T15:07:56Z
- Modified
- 2025-08-12T05:34:22.497231Z
- Summary
- dcraw security update
- Details
-
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.
Security Fix(es):
(CVE-2017-13735)
(CVE-2017-14608)
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.(CVE-2018-19655)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:24.03-LTS / dcraw
Package
- Name
- dcraw
- Purl
- pkg:rpm/openEuler/dcraw&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.28.0-7.oe2403
Ecosystem specific
{
"src": [
"dcraw-9.28.0-7.oe2403.src.rpm"
],
"aarch64": [
"dcraw-9.28.0-7.oe2403.aarch64.rpm",
"dcraw-debuginfo-9.28.0-7.oe2403.aarch64.rpm",
"dcraw-debugsource-9.28.0-7.oe2403.aarch64.rpm"
],
"noarch": [
"dcraw-help-9.28.0-7.oe2403.noarch.rpm"
],
"x86_64": [
"dcraw-9.28.0-7.oe2403.x86_64.rpm",
"dcraw-debuginfo-9.28.0-7.oe2403.x86_64.rpm",
"dcraw-debugsource-9.28.0-7.oe2403.x86_64.rpm"
]
}