|
2020-09-16
|
CVE-2020-24890
|
** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.
|
Libraw
|
5.5
|
|
|
|
2018-12-07
|
CVE-2018-5800
|
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
|
Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
6.5
|
|
|
|
2018-12-07
|
CVE-2018-5802
|
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
|
Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
8.8
|
|
|
|
2018-12-07
|
CVE-2018-5813
|
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
|
Ubuntu_linux, Libraw
|
6.5
|
|
|
|
2020-09-16
|
CVE-2020-24889
|
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
|
Libraw
|
7.8
|
|
|
|
2018-04-29
|
CVE-2018-10528
|
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
|
Ubuntu_linux, Libraw
|
8.8
|
|
|
|
2019-02-20
|
CVE-2018-5818
|
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
|
Debian_linux, Libraw
|
7.5
|
|
|
|
2018-12-07
|
CVE-2018-5810
|
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
|
Ubuntu_linux, Libraw
|
8.8
|
|
|
|
2018-12-07
|
CVE-2018-5809
|
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
|
Libraw
|
8.8
|
|
|
|
2018-12-07
|
CVE-2018-5808
|
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
|
Debian_linux, Libraw
|
8.8
|
|
|