| Name | CVE-2018-25017 |
| Description | RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| darktable (PTS) | jessie | 1.4.2-1+deb8u1 | vulnerable |
| stretch | 2.2.1-3 | fixed |
| buster | 2.6.0-1 | fixed |
| bullseye | 3.4.1-5 | fixed |
| bookworm | 4.2.1-4 | fixed |
| sid, trixie | 4.8.1-2 | fixed |
| photoflow (PTS) | bullseye | 0.2.8+git20200114-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| darktable | source | jessie | (unfixed) | end-of-life | | |
| darktable | source | stretch | (not affected) | | | |
| darktable | source | (unstable) | 2.6.0-1 | | | |
| photoflow | source | (unstable) | (not affected) | | | |
Notes
[stretch] - darktable <not-affected> (Vulnerable code added later)
- photoflow <not-affected> (Fixed before initial upload to the archive)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
darktable 2.6.0 is the first release to bundle rawspeed 3.2 with the fixes