Total
49 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10529 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-06-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | |||||
CVE-2017-6887 | 1 Libraw | 1 Libraw | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. | |||||
CVE-2017-6886 | 1 Libraw | 1 Libraw | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | |||||
CVE-2017-14608 | 1 Libraw | 1 Libraw | 2017-09-27 | 6.4 MEDIUM | 9.1 CRITICAL |
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |||||
CVE-2017-14348 | 1 Libraw | 1 Libraw | 2017-09-20 | 6.8 MEDIUM | 8.8 HIGH |
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | |||||
CVE-2017-14265 | 1 Libraw | 1 Libraw | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | |||||
CVE-2017-13735 | 1 Libraw | 1 Libraw | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||||
CVE-2013-1439 | 1 Libraw | 1 Libraw | 2013-11-14 | 4.3 MEDIUM | N/A |
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | |||||
CVE-2013-2127 | 1 Libraw | 1 Libraw | 2013-08-14 | 7.5 HIGH | N/A |
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |