CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5804
https://notcve.org/view.php?id=CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. Un error de confusión de tipos en la función "identify()" (internal/dcraw_common.cpp) en LibRaw, en versiones anteriores a la 0.18.8, puede explotarse para desencadenar una división entre cero. • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff https://secuniaresearch.flexerasoftware.com/advisories/81000 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3 • CWE-369: Divide By Zero CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5806 – LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. Un error en la función "leaf_hdr_load_raw()" (internal/dcraw_common.cpp) en LibRaw, en versiones anteriores a la 0.18.8, puede explotarse para desencadenar una desreferencia de puntero NULL. A NULL pointer dereference vulnerability in internal/dcraw_common.cpp:leaf_hdr_load_raw() function was found in LibRaw. A user can cause a denial of service when processing specially-crafted RAW data. • https://access.redhat.com/errata/RHSA-2018:3065 https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff https://secuniaresearch.flexerasoftware.com/advisories/81000 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3 https://access.redhat.com/security/cve/CVE-2018-5806 https://bugzilla.redhat.com/show_bug.cgi?id=1591897 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5805 – LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. Un error de límites en la función "quicktake_100_load_raw()" (internal/dcraw_common.cpp) en las versiones anteriores a la 0.18.8 de LibRaw puede explotarse para provocar un desbordamiento de búfer basado en pila y un cierre inesperado. LibRaw is vulnerable to stack-based buffer overflow in internal/dcraw_common.cpp:quicktake_100_load_raw() function when processing specially-crafted RAW data. An attacker could potentially use this flaw to cause an arbitrary code execution or denial of service. • https://access.redhat.com/errata/RHSA-2018:3065 https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff https://secuniaresearch.flexerasoftware.com/advisories/81000 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3 https://access.redhat.com/security/cve/CVE-2018-5805 https://bugzilla.redhat.com/show_bug.cgi?id=1591887 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5801 – LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
https://notcve.org/view.php?id=CVE-2018-5801
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. Un error en la función "LibRaw::unpack()" (src/libraw_cxx.cpp) en LibRaw, en versiones anteriores a la 0.18.7, puede explotarse para desencadenar una desreferencia de puntero NULL. A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images. • https://access.redhat.com/errata/RHSA-2018:3065 https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914 https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://secuniaresearch.flexerasoftware.com/advisories/79000 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1 https://usn.ubuntu.com/3615-1 https://access.redhat.com/security/cve/CVE-2018-5801 https://bugzilla.redhat.com/show_bug.cg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5802 – LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
https://notcve.org/view.php?id=CVE-2018-5802
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. Un error en la función "kodak_radc_load_raw()" (internal/dcraw_common.cpp) relacionada con la variable "buf" en LibRaw en versiones anteriores a la 0.18.7 se puede explotar para provocar un acceso de lectura a la memoria fuera de límites y un cierre inesperado. An out-of-bounds read flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images. • https://access.redhat.com/errata/RHSA-2018:3065 https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://secuniaresearch.flexerasoftware.com/advisories/79000 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1 https://usn.ubuntu.com/3615-1 https://access.redhat.com/security/cve/CVE-2018-5802 https://bugzilla.redhat.com/show_bug.cg • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •