Fedora has issued an advisory today (July 10): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/ The issue is fixed upstream in 0.20-RC1. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning to José, the active maintainer.
Assignee: bugsquad => lists.jjorge
openSUSE has issued an advisory for this on July 26: https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
Same advisory for openSUSE 15.2 from August 2: https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
Suggested advisory: ======================== The updated packages fix a security vulnerability: LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/ https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html ======================== Updated packages in core/updates_testing: ======================== libraw-tools-0.19.2-1.1.mga7 lib(64)raw19-0.19.2-1.1.mga7 lib(64)raw_r19-0.19.2-1.1.mga7 lib(64)raw-devel-0.19.2-1.1.mga7 from SRPM: libraw-0.19.2-1.1.mga7.src.rpm
Assignee: lists.jjorge => qa-bugsWhiteboard: MGA7TOO => (none)Source RPM: libraw-0.19.5-2.mga8.src.rpm => libraw-0.19.2-1.mga7.src.rpmStatus: NEW => ASSIGNEDCVE: (none) => CVE-2020-15503Version: Cauldron => 7CC: (none) => nicolas.salguero
mga7, x64 CVE-2020-15503 No PoC available according to a Suse report. Ran a command used before in testing libraw (bug 23186) $ multirender_test RAW_NIKON_D1.NEF Processing file RAW_NIKON_D1.NEF Writing file RAW_NIKON_D1.NEF.1.ppm Writing file RAW_NIKON_D1.NEF.2.ppm Writing file RAW_NIKON_D1.NEF.3.ppm Writing file RAW_NIKON_D1.NEF.4.ppm Writing file RAW_NIKON_D1.NEF.5.ppm Writing file RAW_NIKON_D1.NEF.6.ppm Writing file RAW_NIKON_D1.NEF.7.ppm Writing file RAW_NIKON_D1.NEF.8.ppm The images looked fine. Updated the four packages. Ran that test again after deleteing the PPM files. $ multirender_test RAW_NIKON_D1.NEF produced a series of PPM files as before, the basic image then transformations as thumbnails, as viewed by ImageMagick. $ postprocessing_benchmark -R 20 RAW_NIKON_D1.NEF Processing file RAW_NIKON_D1.NEF 421.3 msec for unpack Performance: 16.20 Mpix/sec File: RAW_NIKON_D1.NEF, Frame: 0 2.7 total Mpix, 164.4 msec Params: WB=default Highlight=0 Qual=-1 HalfSize=No Median=0 Wavelet=0 Crop: 0-0:2012x1324, active Mpix: 2.66, 6.1 frames/sec $ raw-identify RAW_OLYMPUS*.ORF RAW_OLYMPUS_C8080.ORF is a Olympus C8080WZ image. RAW_OLYMPUS_E420.ORF is a Olympus E-420 image. RAW_OLYMPUS_E5.ORF is a Olympus E-5 image. RAW_OLYMPUS_E-PL7.ORF is a Olympus E-PL7 image. RAW_OLYMPUS_SP350.ORF is a Olympus SP350 image. $ unprocessed_raw RAW_FUJI_S5PRO_V106.RAF Processing file RAW_FUJI_S5PRO_V106.RAF Image size: 3584x3583 Raw size: 4352x1444 Margins: top=2, left=32 Unpacked.... Stored to file RAW_FUJI_S5PRO_V106.RAF.pgm $ display RAW_FUJI_S5PRO_V106.RAF.pgm Rendered OK. $ unprocessed_raw RAW_CANON_D60_ARGB.CRW Processing file RAW_CANON_D60_ARGB.CRW Image size: 3088x2056 Raw size: 3152x2068 Margins: top=12, left=64 Unpacked.... Stored to file RAW_CANON_D60_ARGB.CRW.pgm $ display ... The file appeared as a black panel. ?? The same happened with this: $ unprocessed_raw RAW_NIKON_D1.NEF Processing file RAW_NIKON_D1.NEF Image size: 2012x1324 Raw size: 2012x1324 Margins: top=0, left=0 Unpacked.... Stored to file RAW_NIKON_D1.NEF.pgm $ display RAW_NIKON_D1.NEF.pgm However, with a gamma correction of 2.2 the file displayed, albeit somewhat dimly. $ unprocessed_raw -g RAW_NIKON_D1.NEF Processing file RAW_NIKON_D1.NEF Image size: 2012x1324 Raw size: 2012x1324 Margins: top=0, left=0 Unpacked.... Gamma-corrected.... Stored to file RAW_NIKON_D1.NEF.pgm $ display RAW_NIKON_D1.NEF.pgm Note that nomacs requires libraw and can be used to display raw images. It works fine on the local collection of raw images. gthumb and shotwell can also deal with raw images. $ gthumb *.ORF Yep. Thanks Herman for those - from a previous test. $ shotwell KODAK*.RAW That works also. All this looks fine.
CC: (none) => tarazed25Whiteboard: (none) => MGA7-64-OK
Found some more commands in an old report. $ mem_image mem_image - LibRaw sample, to illustrate work for memory buffers. Emulates dcraw [-4] [-1] [-e] [-h] Usage: -h - use half_size [-D] [-T] [-v] [-e] raw-files.... -6 - output 16-bit PPM -4 - linear 16-bit data -e - extract thumbnails (same as dcraw -e in separate run) $ mem_image -6 RAW_FUJI_S6500FD.RAF Processing RAW_FUJI_S6500FD.RAF $ display RAW_FUJI_S6500FD.RAF.ppm OK. Find the number of supported cameras: $ simple_dcraw -L | wc -l 1017
Validated update, Packages and Advisory in Comment 4.
Keywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
Target Milestone: --- => Mageia 7
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0368.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED