First published: Thu Dec 06 2018(Updated: )
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libraw16 | <0.18.8-1ubuntu0.2 | 0.18.8-1ubuntu0.2 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/libraw15 | <0.17.1-1ubuntu0.4 | 0.17.1-1ubuntu0.4 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/libraw9 | <0.15.4-1ubuntu0.3 | 0.15.4-1ubuntu0.3 |
Ubuntu Ubuntu | =14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-3838-1 is high.
To fix USN-3838-1 on Ubuntu 18.04, update the libraw16 package to version 0.18.8-1ubuntu0.2 or higher.
To fix USN-3838-1 on Ubuntu 16.04, update the libraw15 package to version 0.17.1-1ubuntu0.4 or higher.
To fix USN-3838-1 on Ubuntu 14.04, update the libraw9 package to version 0.15.4-1ubuntu0.3 or higher.
Yes, USN-3838-1 can be exploited remotely by tricking a user or automated system into processing a specially crafted photo file.