CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 https://github.com/LibRaw/LibRaw/issues/557 https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY https://security.gentoo.org/glsa/202312-08 https://www.debian.org/security/2023/dsa-5412 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32142 – LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
https://notcve.org/view.php?id=CVE-2021-32142
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash. • https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 https://github.com/LibRaw/LibRaw/issues/400 https://github.com/gtt1995 https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L https://www.debian.org/security/2023/dsa-5412 https://www&# • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35533
https://notcve.org/view.php?id=CVE-2020-35533
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::adobe_copy_pixel()" (libraw\src\decoders\dng.cpp) cuando son leídos datos del archivo de imagen • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb https://github.com/LibRaw/LibRaw/issues/273 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35534
https://notcve.org/view.php?id=CVE-2020-35534
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. En LibRaw, se presenta una vulnerabilidad de corrupción de memoria en la función "crxFreeSubbandData()" (libraw\src\decoders\crx.cpp) cuando son procesados archivos cr3 • https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 https://github.com/LibRaw/LibRaw/issues/279 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-35535
https://notcve.org/view.php?id=CVE-2020-35535
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::parseSonySRF()" (libraw\src\metadata\sony.cpp) cuando son procesados archivos srf • https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 https://github.com/LibRaw/LibRaw/issues/283 • CWE-125: Out-of-bounds Read •