Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libraw
(Libraw)Repositories | https://github.com/LibRaw/LibRaw |
#Vulnerabilities | 51 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-05-16 | CVE-2017-6886 | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | Libraw | 9.8 | ||
2018-12-07 | CVE-2017-16910 | An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | Ubuntu_linux, Libraw | 6.5 | ||
2018-12-07 | CVE-2017-16909 | An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. | Ubuntu_linux, Libraw | 8.8 | ||
2017-09-20 | CVE-2017-14608 | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | Libraw | 9.1 | ||
2017-09-12 | CVE-2017-14348 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | Libraw | 8.8 | ||
2017-09-11 | CVE-2017-14265 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | Libraw | 9.8 | ||
2017-08-29 | CVE-2017-13735 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | Libraw | 7.5 | ||
2013-08-14 | CVE-2013-2127 | Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | Libraw | N/A | ||
2013-08-14 | CVE-2013-2126 | Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. | Ubuntu_linux, Libraw, Opensuse | N/A | ||
2013-09-16 | CVE-2013-1439 | The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | Libraw | N/A |