Synopsis
The remote Debian host is missing one or more security-related updates.
Description
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2903 advisory.
- In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14608)
- An error related to the LibRaw::panasonic_load_raw() function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. (CVE-2017-16909)
- An error within the LibRaw::xtrans_interpolate() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. (CVE-2017-16910)
- LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20363)
- LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20364)
- LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. (CVE-2018-20365)
- An off-by-one error within the LibRaw::kodak_ycbcr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (CVE-2018-5800)
- An error within the LibRaw::unpack() function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5801)
- An error within the kodak_radc_load_raw() function (internal/dcraw_common.cpp) related to the buf variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5802)
- A type confusion error within the identify() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. (CVE-2018-5804)
- A boundary error within the quicktake_100_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. (CVE-2018-5805)
- An error within the leaf_hdr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)
- An error within the samsung_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5807)
- An error within the find_green() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. (CVE-2018-5808)
- An error within the rollei_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (CVE-2018-5810)
- An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (CVE-2018-5811)
- An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5812)
- An error within the parse_minolta() function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. (CVE-2018-5813)
- An integer overflow error within the parse_qt() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. (CVE-2018-5815)
- A type confusion error within the unpacked_load_raw() function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. (CVE-2018-5817)
- An error within the parse_rollei() function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. (CVE-2018-5818)
- An error within the parse_sinar_ia() function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. (CVE-2018-5819)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the libraw packages.
For Debian 9 stretch, these problems have been fixed in version 0.17.2-6+deb9u2.
Plugin Details
File Name: debian_DLA-2903.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libraw-bin, p-cpe:/a:debian:debian_linux:libraw15, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:libraw-dev, p-cpe:/a:debian:debian_linux:libraw-doc
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: Exploits are available
Patch Publication Date: 2/22/2022
Vulnerability Publication Date: 9/20/2017
Reference Information
CVE: CVE-2017-14608, CVE-2017-16909, CVE-2017-16910, CVE-2018-20363, CVE-2018-20364, CVE-2018-20365, CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5804, CVE-2018-5805, CVE-2018-5806, CVE-2018-5807, CVE-2018-5808, CVE-2018-5810, CVE-2018-5811, CVE-2018-5812, CVE-2018-5813, CVE-2018-5815, CVE-2018-5817, CVE-2018-5818, CVE-2018-5819