LibRaw 0.18.13 (update: was 0.18.3...0.18.12)
LibRaw 0.18.13 released and available on both download page and on Github repository.
This is bugfix release, changes are (compared to 0.18.2):
- changed wrong fix for Canon D30 white balance
- fixed possible stack overrun while reading zero-sized strings
- fixed possible integer overflow
- Secunia Advisory SA83507, credits Kasper Leigh Haabb, Secunia Research at Flexera
- parse_qt: possible integer overflow
- reject broken/crafted NOKIARAW files
- Backported 0.19-patch to recover read position if TIFF/EXIF tag is too long
- Secunia Advisory SA83050: possible infinite loop in parse_minolta()
- Fixed stack overrun in kodak_radc_load_raw
- restored static for utf2char() lost in previous bugfix
- Fixed possible div by zero in EOS D30 WB data parse
- packed_load_raw(): EOF check on each row
- Exceptions was not caught in x3f_new_from_file resulting in x3f handle leak
- CVE-2018-10529 fixed: out of bounds read in X3F parser
- CVE-2018-10528 fixed: possible stack overrun in X3F parser
- samsung_load_raw: possible buffer overrun
- rollei_load_raw: possible buffer overrun
- nikon_coolscan_load_raw: possible buffer overrun, possible NULL pointer
- find_green: possible stack overrun
- parse_exif: possible stack overrun
- leaf_hdr_load_raw: check for image pointer for demosaiced raw
- NOKIARAW parser: check image dimensions readed from file
- quicktake_100_load_raw: check width/height limits
- All legacy (RGB raw) image loaders checks for imgdata.image is not NULL
- kodak_radc_load_raw: check image size before processing
- legacy memory allocator: allocate max(widh,raw_width)*max(height,raw_height)
- Fixed fuji_width handling if file is neither fuji nor DNG
- Fixed xtrans interpolate for broken xtrans pattern
- Fixed panasonic decoder
- Fix for possible buffer overrun in kodak_65000 decoder
- Fix for possible heap overrun in Canon makernotes parser
- Fix for CVE-2017-13735
- CVE-2017-14265: Additional check for X-Trans CFA pattern data
Recent comments