[Advisory]LibRaw Multi Memory error[CVE-2015-8366 and CVE-2015-8367]

Posted by ChenQin on Nov 30

1. Overview
The LibRaw raw image decoder <= 0.17 has multi vulnerability to cause memory errors,which may cause code execution or
other problems.Problems has been fixed in 0.17.1(www.libraw.org/news/libraw-0-17-1).

2.Descryption
Case CVE-2015-8366,Libraw smal_decode_segment function do not handle index carefully,which may cause index overflow.
Case CVE-2015-8367,Libraw phase_one_correct function do not handle memory object’s…

Leave a Reply