CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20365
https://notcve.org/view.php?id=CVE-2018-20365
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. LibRaw::raw2image() en libraw_cxx.cpp tiene un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/106299 https://github.com/LibRaw/LibRaw/issues/195 https://usn.ubuntu.com/3989-1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20363
https://notcve.org/view.php?id=CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. LibRaw::raw2image en libraw_cxx.cpp en LibRaw 0.19.1 tiene una desreferencia de puntero NULL. • http://www.securityfocus.com/bid/106299 https://github.com/LibRaw/LibRaw/issues/193 https://usn.ubuntu.com/3989-1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20337 – LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. Existe un desbordamiento de búfer basado en pila en la función parse_makernote de dcraw_common.cpp en la versión 0.19.1 de LibRaw. Se podría realizar un ataque de denegación de servicio u otro tipo de impacto sin especificar con una entrada especialmente manipulada. • https://github.com/LibRaw/LibRaw/issues/192 https://usn.ubuntu.com/3989-1 https://access.redhat.com/security/cve/CVE-2018-20337 https://bugzilla.redhat.com/show_bug.cgi?id=1661555 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5819
https://notcve.org/view.php?id=CVE-2018-5819
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. Un error en la función "parse_sinar_ia()" (internal/dcraw_common.cpp), en las versiones de LibRaw anteriores a la 0.19.1, podría explotarse para agotar los recursos de la CPU disponibles. • https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27 https://usn.ubuntu.com/3989-1 https://www.libraw.org/news/libraw-0-19-2-release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5818
https://notcve.org/view.php?id=CVE-2018-5818
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. Un error en la función "parse_rollei()" (internal/dcraw_common.cpp), en las versiones de LibRaw anteriores a la 0.19.1, podría explotarse para desencadenar un bucle infinito. • https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27 https://usn.ubuntu.com/3989-1 https://www.libraw.org/news/libraw-0-19-2-release • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •