CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
15 May 2023 — A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35533 – Ubuntu Security Notice USN-5715-1
https://notcve.org/view.php?id=CVE-2020-35533
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::adobe_copy_pixel()" (libraw\src\decoders\dng.cpp) cuando son leídos datos del archivo de imagen It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted ph... • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35534
https://notcve.org/view.php?id=CVE-2020-35534
01 Sep 2022 — In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. En LibRaw, se presenta una vulnerabilidad de corrupción de memoria en la función "crxFreeSubbandData()" (libraw\src\decoders\crx.cpp) cuando son procesados archivos cr3 • https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-35535
https://notcve.org/view.php?id=CVE-2020-35535
01 Sep 2022 — In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::parseSonySRF()" (libraw\src\metadata\sony.cpp) cuando son procesados archivos srf • https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35530
https://notcve.org/view.php?id=CVE-2020-35530
01 Sep 2022 — In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. En LibRaw, se presenta una vulnerabilidad de escritura fuera de límites en la función "new_node()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de un archivo X3F diseñado • https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35531 – Ubuntu Security Notice USN-7266-1
https://notcve.org/view.php?id=CVE-2020-35531
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función get_huffman_diff() (libraw\src\x3f\x3f_utils_patched.cpp) cuando son leídos datos de un archivo de imagen Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly... • https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35532 – Ubuntu Security Notice USN-7266-1
https://notcve.org/view.php?id=CVE-2020-35532
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "simple_decode_row()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de una imagen con un campo row_stride grande Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam... • https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e • CWE-125: Out-of-bounds Read •