Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5808 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | |||||
| CVE-2018-5810 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | |||||
| CVE-2020-15365 | 1 Libraw | 1 Libraw | 2020-07-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. | |||||
| CVE-2015-8367 | 1 Libraw | 1 Libraw | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | |||||
| CVE-2015-8366 | 1 Libraw | 1 Libraw | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | |||||
| CVE-2018-20364 | 1 Libraw | 1 Libraw | 2019-05-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. | |||||
| CVE-2018-5817 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2019-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | |||||
| CVE-2018-20363 | 1 Libraw | 1 Libraw | 2019-05-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. | |||||
| CVE-2018-5819 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2019-05-21 | 7.8 HIGH | 7.5 HIGH |
| An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | |||||
| CVE-2018-5801 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2019-03-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2018-5811 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2018-5816 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 7.1 HIGH | 6.5 MEDIUM |
| An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). | |||||
| CVE-2018-5815 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 7.1 HIGH | 6.5 MEDIUM |
| An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. | |||||
| CVE-2018-5812 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2017-16910 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | |||||
| CVE-2017-16909 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. | |||||
| CVE-2018-5804 | 1 Libraw | 1 Libraw | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. | |||||
| CVE-2018-5806 | 2 Libraw, Redhat | 4 Libraw, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2018-5807 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2013-2126 | 3 Canonical, Libraw, Opensuse | 3 Ubuntu Linux, Libraw, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
| Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. | |||||