RawTherapee Integer Overflow Vulnerability in rtengine Modules

Vulnerability

An integer overflow has been identified in RawTherapee versions through 5.11, in the rtengine modules. The affected code is dcraw.cc, the dcraw-derived decoder that rtengine carries as the base for RawTherapee's own modifications. The flaw was introduced when the parse_qt() function was cloned from LibRaw without the security patch LibRaw had applied for the same overflow, so RawTherapee's copy still carries the unpatched arithmetic.

Impact

A crafted input file that reaches the overflowing arithmetic in parse_qt() can corrupt memory, leading at least to a crash and potentially to arbitrary code execution.

Reproduction

The flaw can be confirmed from source: compare parse_qt() in rtengine's dcraw.cc of RawTherapee 5.11 or earlier with the LibRaw version that carries the overflow fix; the guard LibRaw added is absent from RawTherapee's copy. Applying that same LibRaw patch to dcraw.cc and recompiling removes the overflow, which also confirms that the unpatched build is the affected one.
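The following is an added illustration of the bug class described above and of the check the patched form adds; it is not code from RawTherapee, dcraw or LibRaw, and the function names (walk_atoms_unchecked, walk_atoms_checked, build_sample) and the sample atom stream are constructed for this page. It assumes the usual QuickTime atom layout (4-byte big-endian size covering the whole atom, 4-byte tag, payload) and walks an in-memory buffer the way a dcraw-style parse_qt walks a file: the unchecked version computes the next offset as save + size in 32-bit arithmetic, so a size near 0xFFFFFFFF wraps the offset back into already-visited data; the hardened version widens to 64 bits and requires each atom to fit inside the enclosing span before advancing.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not code from RawTherapee, dcraw or LibRaw.
 * Assumed atom layout: 4-byte big-endian size (header included),
 * 4-byte tag, then payload.  All names below are hypothetical. */

enum { WALK_OK = 0, WALK_LOOP = -1, WALK_BAD_SIZE = -2 };
#define MAX_STEPS 64           /* harness guard so the demo terminates */
#define SAMPLE_LEN 32

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable shape: the next-atom offset is save + size in 32-bit
 * unsigned arithmetic with no wrap check, the idiom behind
 * fseek(ifp, save + size, SEEK_SET) in dcraw-style parsers. */
int walk_atoms_unchecked(const uint8_t *buf, uint32_t len, int *atoms)
{
    uint32_t pos = 0;
    int steps = 0;
    *atoms = 0;
    while (pos + 7 < len) {              /* also wraps if pos is near UINT32_MAX */
        uint32_t save = pos;
        uint32_t size = be32(buf + pos);
        if (size < 8)
            return WALK_BAD_SIZE;
        (*atoms)++;
        pos = save + size;               /* wraps when save + size > 0xFFFFFFFF */
        if (++steps > MAX_STEPS)
            return WALK_LOOP;            /* a file-based parser would spin here */
    }
    return WALK_OK;
}

/* Hardened shape: widen to 64 bits and require every atom to fit inside
 * the enclosing span before advancing, so the offset can never wrap or
 * leave the buffer. */
int walk_atoms_checked(const uint8_t *buf, uint32_t len, int *atoms)
{
    uint64_t pos = 0;
    *atoms = 0;
    while (pos + 8 <= len) {
        uint64_t save = pos;
        uint64_t size = be32(buf + pos);
        if (size < 8 || save + size > len)
            return WALK_BAD_SIZE;
        (*atoms)++;
        pos = save + size;
    }
    return WALK_OK;
}

/* Constructed sample (not a real camera file): a 16-byte "free" atom
 * followed by a "moov" atom whose size field is caller-supplied. */
static void build_sample(uint8_t out[SAMPLE_LEN], uint32_t moov_size)
{
    static const uint8_t first[16] =
        { 0, 0, 0, 16, 'f', 'r', 'e', 'e', 0, 0, 0, 0, 0, 0, 0, 0 };
    memcpy(out, first, 16);
    out[16] = (uint8_t)(moov_size >> 24);
    out[17] = (uint8_t)(moov_size >> 16);
    out[18] = (uint8_t)(moov_size >> 8);
    out[19] = (uint8_t)moov_size;
    memcpy(out + 20, "moov", 4);
    memset(out + 24, 0, 8);
}

/* 16 + 0xFFFFFFF0 == 0x100000000, which wraps to 0 in 32 bits. */
#define WRAPPING_SIZE 0xFFFFFFF0u

int demo_unchecked_on_wrapping_input(void)
{
    uint8_t buf[SAMPLE_LEN]; int atoms;
    build_sample(buf, WRAPPING_SIZE);
    return walk_atoms_unchecked(buf, SAMPLE_LEN, &atoms);   /* WALK_LOOP */
}

int demo_checked_on_wrapping_input(void)
{
    uint8_t buf[SAMPLE_LEN]; int atoms;
    build_sample(buf, WRAPPING_SIZE);
    return walk_atoms_checked(buf, SAMPLE_LEN, &atoms);     /* WALK_BAD_SIZE */
}

int demo_checked_on_benign_input(void)
{
    uint8_t buf[SAMPLE_LEN]; int atoms;
    build_sample(buf, 16);
    if (walk_atoms_checked(buf, SAMPLE_LEN, &atoms) != WALK_OK)
        return -1;
    return atoms;                                           /* 2 */
}

int main(void)
{
    printf("unchecked on wrapping size: %d (WALK_LOOP is %d)\n",
           demo_unchecked_on_wrapping_input(), WALK_LOOP);
    printf("checked on wrapping size:   %d (WALK_BAD_SIZE is %d)\n",
           demo_checked_on_wrapping_input(), WALK_BAD_SIZE);
    printf("checked on benign input:    %d atoms\n",
           demo_checked_on_benign_input());
    return 0;
}
```

With the wrapping size the unchecked walker lands back on offset 0 and revisits the first atom until the harness cap stops it; a parser seeking through a real file has no such cap. A size that instead leaves the wrapped offset just below UINT32_MAX also wraps the `pos + 7 < len` test and reads past the buffer, which is the crash case. The checked walker rejects the same input before any offset is used, and accepts the benign stream, which is the behaviour the missing LibRaw guard restores.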

Remediation

Upgrade to RawTherapee version 5.12 or later, where the missing patch has been applied. Builds from source at 5.11 or earlier can carry the LibRaw fix as a local patch to rtengine's dcraw.cc until the upgrade is done.

Added: Jan 27, 2026, 9:29 AM
Updated: Jan 27, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 2.4
threat: 1.6
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.