CVE-2018-20365
https://notcve.org/view.php?id=CVE-2018-20365
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
• http://www.securityfocus.com/bid/106299
• https://github.com/LibRaw/LibRaw/issues/195
• https://usn.ubuntu.com/3989-1
• CWE-787: Out-of-bounds Write

CVE-2018-20364
https://notcve.org/view.php?id=CVE-2018-20364
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
• http://www.securityfocus.com/bid/106299
• https://github.com/LibRaw/LibRaw/issues/194
• https://usn.ubuntu.com/3989-1
• CWE-476: NULL Pointer Dereference

CVE-2018-20363
https://notcve.org/view.php?id=CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
• http://www.securityfocus.com/bid/106299
• https://github.com/LibRaw/LibRaw/issues/193
• https://usn.ubuntu.com/3989-1
• CWE-476: NULL Pointer Dereference

CVE-2018-20337 – LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
• https://github.com/LibRaw/LibRaw/issues/192
• https://usn.ubuntu.com/3989-1
• https://access.redhat.com/security/cve/CVE-2018-20337
• https://bugzilla.redhat.com/show_bug.cgi?id=1661555
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVE-2018-5818
https://notcve.org/view.php?id=CVE-2018-5818
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
• https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
• https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27
• https://usn.ubuntu.com/3989-1
• https://www.libraw.org/news/libraw-0-19-2-release
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')