[cximage] Fix denial of service via a crafted photo file (CVE-2013-1438)
Embedded CxImage embeds a copy of libDCR, a fork of dcraw.c, which
contains several denial of service vulnerabilities as discovered by
Raphael Geissert. These seem to affect the CxImage-embedded libDCR as
well.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
----
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in
libraw, ufraw, shotwell, and other products, allows context-dependent
attackers to cause a denial of service via a crafted photo file that
triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer
dereference.
----
Port the fix from libRaw [1] to the CxImage copy of libDCR. The patch has
been submitted upstream.
[1] https://github.com/LibRaw/LibRaw/commit/9ae25d8c3a6bfb40c582538193264f74c9b93bc0