CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14608 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14608
20 Sep 2017 — In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. En LibRaw hasta la versión 0.18.4, un error de lectura fuera de límites relacionado con kodak_65000_load_raw se ha detectado en dcraw/dcraw.c e internal/dcraw_common.cpp. Un atacante podría explotar esta vulnerabilidad para divulgar memoria pot... • https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14348 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14348
12 Sep 2017 — LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. LibRaw en versiones anteriores a la 0.18.4 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en la función processCanonCameraInfo mediante un archivo manipulado. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw t... • http://www.securityfocus.com/bid/100866 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14265 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-14265
11 Sep 2017 — A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. Se descubrió una vulnerabilidad de desbordamiento de búfer basado en pila en xtrans_interpolate en internal/dcraw_common.cpp de LibRaw en versiones anteriores a la 0.18.3. Podría permitir un ataque remoto de denegación de servicio o de ejecución de código. It was discovered that LibRaw incorrectly handled photo files. • https://github.com/LibRaw/LibRaw/issues/99 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13735 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2017-13735
29 Aug 2017 — There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. Existe una excepción de punto flotante en la función kodak_radc_load_raw en dcraw_common.cpp en LibRaw 0.18.2. Esto podría permitir que se realice un ataque de denegación de servicio remoto. It was discovered that LibRaw incorrectly handled photo files. • https://bugzilla.redhat.com/show_bug.cgi?id=1483988 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6887 – Debian Security Advisory 3950-1
https://notcve.org/view.php?id=CVE-2017-6887
16 May 2017 — A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. Un error de límites dentro de la función "parse_tiff_ifd()" (en el archivo internal/dcraw_common.cpp) en LibRaw versiones anteriores a 0.18.2, puede ser explotado para causar un corrupción de memoria por medio de, por ejem... • http://www.debian.org/security/2017/dsa-3950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6886 – LibRaw 0.18.1 parse_tiff_ifd() Memory Corruption
https://notcve.org/view.php?id=CVE-2017-6886
15 May 2017 — An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. Un fallo dentro de la función \"parse_tiff_ifd()\" (internal/dcraw_common.cpp) en las versiones de LibRaw anteriores a la 0.18.2 podría explotarse para corromper la memoria. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applicati... • http://www.debian.org/security/2017/dsa-3950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8366 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2015-8366
30 Nov 2015 — Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. Un error de índice de matriz en la función smal_decode_segment en LibRaw versiones anteriores a 0.17.1, permite a atacantes dependiendo del contexto causar errores de memoria y posiblemente ejecutar código arbitrario por medio de vectores relacionados con índices. It was discovered that LibRaw incorrectly handl... • http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8367 – Ubuntu Security Notice USN-3492-1
https://notcve.org/view.php?id=CVE-2015-8367
30 Nov 2015 — The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. La función phase_one_correct en Libraw versiones anteriores a 0.17.1, permite a atacantes causar errores de memoria y posiblemente ejecutar código arbitrario, relacionado con la inicialización de objetos de memoria. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a... • http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 2CVE-2013-1439 – Ubuntu Security Notice USN-1978-1
https://notcve.org/view.php?id=CVE-2013-1439
16 Sep 2013 — The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. El "faster LJPEG decoder" en libraw versiones 0.13.x, 0.14.x, y versiones 0.15.x anteriores a 0.15.4, permite a los atacantes dependiendo del contexto causar una denegación de servicio (desreferencia de un puntero NULL) por medio de un archivo de fotos diseñado. It was discovered that libKDcraw incorrectly handled p... • http://www.debian.org/security/2013/dsa-2748 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-2127 – Gentoo Linux Security Advisory 201309-09
https://notcve.org/view.php?id=CVE-2013-2127
14 Aug 2013 — Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el código de corrección de la exposición en LibRaw anterior a v0.15.1 permite a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente la ejecución de código de su elección a través de vectores no especificados. Multiple vulnerabilities ha... • http://secunia.com/advisories/53547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •