Candidate: CVE-2018-25017
PublicDate: 2021-07-01 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25017
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
 https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
Description:
 RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in
 TableLookUp::setTable.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_darktable:
upstream_darktable: released (2.6.0-1)
trusty_darktable: ignored (out of standard support)
trusty/esm_darktable: DNE
xenial_darktable: ignored (out of standard support)
bionic_darktable: needed
focal_darktable: not-affected (3.0.1-0ubuntu1)
groovy_darktable: not-affected
hirsute_darktable: not-affected
impish_darktable: not-affected
jammy_darktable: not-affected
devel_darktable: not-affected

Patches_photoflow:
upstream_photoflow: not-affected (debian: Fixed before initial upload to the archive)
trusty_photoflow: ignored (out of standard support)
trusty/esm_photoflow: DNE
xenial_photoflow: ignored (out of standard support)
bionic_photoflow: DNE
focal_photoflow: DNE
groovy_photoflow: ignored (reached end-of-life)
hirsute_photoflow: not-affected
impish_photoflow: not-affected
jammy_photoflow: not-affected
devel_photoflow: not-affected