LibRaw, libkdcraw: Multiple vulnerabilities

LibRaw, libkdcraw: Multiple vulnerabilities Multiple vulnerabilities have been found in LibRaw and libkdcraw, the worst of which may lead to arbitrary code execution. libraw September 15, 2013 September 15, 2013: 1 471694 482926 remote 0.15.4 0.15.4 4.10.5-r1 4.10.5-r1

LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE.

Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file, possibly resulting in arbitrary code execution or Denial of Service.

There is no known workaround at this time.

All LibRaw users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.15.4"

All libkdcraw users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=kde-base/libkdcraw-4.10.5-r1"

CVE-2013-1438 CVE-2013-1439 CVE-2013-2126 CVE-2013-2127 pinkbyte creffett