CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22628 – Ubuntu Security Notice USN-6377-1
https://notcve.org/view.php?id=CVE-2020-22628
22 Aug 2023 — Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Vulnerabilidad de desbordamiento de búfer en la función LibRaw::stretch() en libraw\src\postprocessing\aspect_ratio.cpp. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://github.com/LibRaw/LibRaw/issues/269 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
15 May 2023 — A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32142 – LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
https://notcve.org/view.php?id=CVE-2021-32142
17 Feb 2023 — Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, v... • https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35533 – Ubuntu Security Notice USN-5715-1
https://notcve.org/view.php?id=CVE-2020-35533
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::adobe_copy_pixel()" (libraw\src\decoders\dng.cpp) cuando son leídos datos del archivo de imagen It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted ph... • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35534
https://notcve.org/view.php?id=CVE-2020-35534
01 Sep 2022 — In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. En LibRaw, se presenta una vulnerabilidad de corrupción de memoria en la función "crxFreeSubbandData()" (libraw\src\decoders\crx.cpp) cuando son procesados archivos cr3 • https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-35535
https://notcve.org/view.php?id=CVE-2020-35535
01 Sep 2022 — In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::parseSonySRF()" (libraw\src\metadata\sony.cpp) cuando son procesados archivos srf • https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35530
https://notcve.org/view.php?id=CVE-2020-35530
01 Sep 2022 — In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. En LibRaw, se presenta una vulnerabilidad de escritura fuera de límites en la función "new_node()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de un archivo X3F diseñado • https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35531 – Ubuntu Security Notice USN-7266-1
https://notcve.org/view.php?id=CVE-2020-35531
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función get_huffman_diff() (libraw\src\x3f\x3f_utils_patched.cpp) cuando son leídos datos de un archivo de imagen Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly... • https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35532 – Ubuntu Security Notice USN-7266-1
https://notcve.org/view.php?id=CVE-2020-35532
01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "simple_decode_row()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de una imagen con un campo row_stride grande Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam... • https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24870 – LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
https://notcve.org/view.php?id=CVE-2020-24870
02 Jun 2021 — Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. Libraw versiones anteriores a 0.20.1, tiene un desbordamiento del búfer de lapila por medio de la función LibRaw::identify_process_dng_fields en el archivo identify.cpp A stack buffer overflow vulnerability was found in LibRaw. This flaw allows a malicious user to send a crafted image that, when parsed by an application linked to LibRaw, leads to a denial of service or potential code execution. GNOME is... • https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •