
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2017 — In LibRaw through 0.18.4, an out-of-bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. • https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 • CWE-125: Out-of-bounds Read

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Sep 2017 — LibRaw before 0.18.4 has a heap-based buffer overflow in the processCanonCameraInfo function via a crafted file. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw t... • http://www.securityfocus.com/bid/100866 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

11 Sep 2017 — A stack-based buffer overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. It was discovered that LibRaw incorrectly handled photo files. • https://github.com/LibRaw/LibRaw/issues/99 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Aug 2017 — There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. It was discovered that LibRaw incorrectly handled photo files. • https://bugzilla.redhat.com/show_bug.cgi?id=1483988 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 May 2017 — A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. • http://www.debian.org/security/2017/dsa-3950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2017 — An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. • https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716 • CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2017 — A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a Huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. • https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2017 — An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applicati... • http://www.debian.org/security/2017/dsa-3950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

30 Nov 2015 — Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. It was discovered that LibRaw incorrectly handl... • http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html • CWE-129: Improper Validation of Array Index

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

30 Nov 2015 — The phase_one_correct function in LibRaw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a... • http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html • CWE-665: Improper Initialization