A boundary error within the "parsetiffifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libraw-bin-dbgsym": "0.15.4-1ubuntu0.1", "libraw-bin": "0.15.4-1ubuntu0.1", "libraw9-dbgsym": "0.15.4-1ubuntu0.1", "libraw-dev": "0.15.4-1ubuntu0.1", "libraw-doc": "0.15.4-1ubuntu0.1", "libraw9": "0.15.4-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libraw-bin-dbgsym": "0.17.1-1ubuntu0.1", "libraw-bin": "0.17.1-1ubuntu0.1", "libraw15-dbgsym": "0.17.1-1ubuntu0.1", "libraw-dev": "0.17.1-1ubuntu0.1", "libraw-doc": "0.17.1-1ubuntu0.1", "libraw15": "0.17.1-1ubuntu0.1" } ] }