CVE-2018-20337
LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp
Public Exploits: 1
Exploited in Wild: -
Descriptions
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in version 0.19.1 of LibRaw. A denial-of-service attack or another unspecified type of impact could be carried out with specially crafted input.
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
SSVC
- Decision: -
Timeline
- 2018-12-21 CVE Reserved
- 2018-12-21 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
References (4)
URL | Date | SRC |
---|---|---|
https://github.com/LibRaw/LibRaw/issues/192 | 2024-08-05 | |
https://usn.ubuntu.com/3989-1 | 2020-08-24 | |
https://access.redhat.com/security/cve/CVE-2018-20337 | 2020-04-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1661555 | 2020-04-28 | |