Candidate: CVE-2017-6889
PublicDate: 2017-05-15 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6889
 https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
 https://secuniaresearch.flexerasoftware.com/advisories/75000/
Description:
 An integer overflow error within the "foveon_load_camf()" function
 (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be
 exploited to cause a heap-based buffer overflow.
Ubuntu-Description:
Notes:
 mdeslaur> libraw demosaic extension isn't packaged in ubuntu
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libraw:
 upstream: https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
upstream_libraw: released (0.18.2)
precise/esm_libraw: DNE
trusty_libraw: not-affected
trusty/esm_libraw: DNE (trusty was not-affected)
vivid/ubuntu-core_libraw: DNE
vivid/stable-phone-overlay_libraw: DNE
xenial_libraw: not-affected
esm-infra/xenial_libraw: not-affected
yakkety_libraw: not-affected
zesty_libraw: not-affected
devel_libraw: not-affected