CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 https://github.com/LibRaw/LibRaw/issues/557 https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY https://security.gentoo.org/glsa/202312-08 https://www.debian.org/security/2023/dsa-5412 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35533
https://notcve.org/view.php?id=CVE-2020-35533
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::adobe_copy_pixel()" (libraw\src\decoders\dng.cpp) cuando son leídos datos del archivo de imagen • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb https://github.com/LibRaw/LibRaw/issues/273 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35534
https://notcve.org/view.php?id=CVE-2020-35534
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. En LibRaw, se presenta una vulnerabilidad de corrupción de memoria en la función "crxFreeSubbandData()" (libraw\src\decoders\crx.cpp) cuando son procesados archivos cr3 • https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 https://github.com/LibRaw/LibRaw/issues/279 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-35535
https://notcve.org/view.php?id=CVE-2020-35535
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::parseSonySRF()" (libraw\src\metadata\sony.cpp) cuando son procesados archivos srf • https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 https://github.com/LibRaw/LibRaw/issues/283 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35530
https://notcve.org/view.php?id=CVE-2020-35530
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. En LibRaw, se presenta una vulnerabilidad de escritura fuera de límites en la función "new_node()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de un archivo X3F diseñado • https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb https://github.com/LibRaw/LibRaw/issues/272 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-787: Out-of-bounds Write •