OESA-2024-2366
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2366
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2366.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-2366
- Upstream
- Published
- 2024-11-08T15:07:57Z
- Modified
- 2025-08-12T05:34:22.996557Z
- Summary
- dcraw security update
- Details
-
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.
Security Fix(es):
(CVE-2017-13735)
(CVE-2017-14608)
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.(CVE-2018-19655)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:22.03-LTS-SP4 / dcraw
Package
- Name
- dcraw
- Purl
- pkg:rpm/openEuler/dcraw&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.28.0-7.oe2203sp4
Ecosystem specific
{
"aarch64": [
"dcraw-9.28.0-7.oe2203sp4.aarch64.rpm",
"dcraw-debuginfo-9.28.0-7.oe2203sp4.aarch64.rpm",
"dcraw-debugsource-9.28.0-7.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"dcraw-9.28.0-7.oe2203sp4.x86_64.rpm",
"dcraw-debuginfo-9.28.0-7.oe2203sp4.x86_64.rpm",
"dcraw-debugsource-9.28.0-7.oe2203sp4.x86_64.rpm"
],
"src": [
"dcraw-9.28.0-7.oe2203sp4.src.rpm"
],
"noarch": [
"dcraw-help-9.28.0-7.oe2203sp4.noarch.rpm"
]
}