Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dcraw Project Subscribe
Filtered by product Dcraw
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3624 2 Dcraw Project, Debian 2 Dcraw, Debian Linux 2022-04-25 9.3 HIGH 7.8 HIGH
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
CVE-2018-19655 2 Dcraw Project, Suse 3 Dcraw, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server 2020-08-24 6.8 MEDIUM 8.8 HIGH
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
CVE-2018-19565 1 Dcraw Project 1 Dcraw 2018-12-19 5.8 MEDIUM 7.1 HIGH
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2018-19566 1 Dcraw Project 1 Dcraw 2018-12-19 5.8 MEDIUM 7.1 HIGH
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2018-19567 1 Dcraw Project 1 Dcraw 2018-12-19 4.3 MEDIUM 5.5 MEDIUM
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2018-19568 1 Dcraw Project 1 Dcraw 2018-12-19 4.3 MEDIUM 5.5 MEDIUM
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2015-3885 2 Dcraw Project, Fedoraproject 2 Dcraw, Fedora 2018-10-09 4.3 MEDIUM N/A
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.