CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5801 – LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
https://notcve.org/view.php?id=CVE-2018-5801
30 Jan 2018 — An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. Un error en la función "LibRaw::unpack()" (src/libraw_cxx.cpp) en LibRaw, en versiones anteriores a la 0.18.7, puede explotarse para desencadenar una desreferencia de puntero NULL. A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking th... • https://access.redhat.com/errata/RHSA-2018:3065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5802 – LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-5802
30 Jan 2018 — An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. Un error en la función "kodak_radc_load_raw()" (internal/dcraw_common.cpp) relacionada con la variable "buf" en LibRaw en versiones anteriores a la 0.18.7 se puede explotar para provocar un acceso de lectura a la memoria fuera de límites y un cierre inesperado. An out-of-... • https://access.redhat.com/errata/RHSA-2018:3065 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-16909 – Ubuntu Security Notice USN-3615-1
https://notcve.org/view.php?id=CVE-2017-16909
12 Dec 2017 — An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. Un error relacionado con la función "LibRaw::panasonic_load_raw()" (dcraw_common.cpp) en las versiones anteriores a la 0.18.6 de LibRaw puede explotarse para provocar un desbordamiento de búfer basado en memoria dinámica (heap) y un cierre inesperado mediante una imagen T... • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-16910 – Ubuntu Security Notice USN-3615-1
https://notcve.org/view.php?id=CVE-2017-16910
12 Dec 2017 — An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. Un error en la función "LibRaw::xtrans_interpolate()" (internal/dcraw_common.cpp) en LibRaw en versiones anteriores a la 0.18.6 se puede explotar para provocar un acceso de lectura a la memoria inválido y una condición de denegación de servicio (DoS). It was discovered that LibRaw inc... • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14608 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14608
20 Sep 2017 — In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. En LibRaw hasta la versión 0.18.4, un error de lectura fuera de límites relacionado con kodak_65000_load_raw se ha detectado en dcraw/dcraw.c e internal/dcraw_common.cpp. Un atacante podría explotar esta vulnerabilidad para divulgar memoria pot... • https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14348 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14348
12 Sep 2017 — LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. LibRaw en versiones anteriores a la 0.18.4 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en la función processCanonCameraInfo mediante un archivo manipulado. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw t... • http://www.securityfocus.com/bid/100866 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14265 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14265
11 Sep 2017 — A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. Se descubrió una vulnerabilidad de desbordamiento de búfer basado en pila en xtrans_interpolate en internal/dcraw_common.cpp de LibRaw en versiones anteriores a la 0.18.3. Podría permitir un ataque remoto de denegación de servicio o de ejecución de código. It was discovered that LibRaw incorrectly handled photo files. • https://github.com/LibRaw/LibRaw/issues/99 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13735 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-13735
29 Aug 2017 — There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. Existe una excepción de punto flotante en la función kodak_radc_load_raw en dcraw_common.cpp en LibRaw 0.18.2. Esto podría permitir que se realice un ataque de denegación de servicio remoto. An update that fixes 11 vulnerabilities is now available. • https://bugzilla.redhat.com/show_bug.cgi?id=1483988 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6887 – Debian Security Advisory 3950-1
https://notcve.org/view.php?id=CVE-2017-6887
16 May 2017 — A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. Un error de límites dentro de la función "parse_tiff_ifd()" (en el archivo internal/dcraw_common.cpp) en LibRaw versiones anteriores a 0.18.2, puede ser explotado para causar un corrupción de memoria por medio de, por ejem... • http://www.debian.org/security/2017/dsa-3950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6890
https://notcve.org/view.php?id=CVE-2017-6890
15 May 2017 — A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. Un error de límite dentro de la función "foveon_load_camf ()" (dcraw_foveon.c) al inicializar una tabla huffman en LibRaw-demosaic-pack-GPL2 anterior a versión 0.18.2 puede ser explotado para causar un desbordamiento de búfer en la región stack de la memoria. • https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •