rpm package

almalinux/LibRaw-devel

pkg:rpm/almalinux/LibRaw-devel

Vulnerabilities (88)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2021-21806	—		< 0.19.5-3.el8	0.19.5-3.el8	Jul 8, 2021	An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
CVE-2021-21775	—		< 0.19.5-3.el8	0.19.5-3.el8	Jul 7, 2021	A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim m
CVE-2020-24870	—		< 0.19.5-3.el8	0.19.5-3.el8	Jun 2, 2021	Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVE-2021-1844	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code ex
CVE-2021-1871	—	KEV	< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a re
CVE-2021-1870	—	KEV	< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a re
CVE-2021-1801	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe s
CVE-2021-1799	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able
CVE-2021-1789	—	KEV	< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web co
CVE-2021-1788	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web
CVE-2021-1765	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
CVE-2020-29623	—		< 0.19.5-3.el8	0.19.5-3.el8	Apr 2, 2021	"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl
CVE-2021-28650	—		< 0.19.5-3.el8	0.19.5-3.el8	Mar 17, 2021	autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists becaus
CVE-2020-13558	—		< 0.19.5-3.el8	0.19.5-3.el8	Mar 3, 2021	A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
CVE-2020-14391	—		< 0.19.5-2.el8	0.19.5-2.el8	Feb 8, 2021	A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover t
CVE-2020-36241	—		< 0.19.5-3.el8	0.19.5-3.el8	Feb 5, 2021	autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-27918	—		< 0.19.5-3.el8	0.19.5-3.el8	Dec 8, 2020	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le
CVE-2020-3864	—		< 0.19.5-2.el8	0.19.5-2.el8	Oct 27, 2020	A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
CVE-2019-8846	—		< 0.19.5-2.el8	0.19.5-2.el8	Oct 27, 2020	A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to ar
CVE-2019-8844	—		< 0.19.5-2.el8	0.19.5-2.el8	Oct 27, 2020	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted w

CVE-2021-21806Jul 8, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
CVE-2021-21775Jul 7, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim m
CVE-2020-24870Jun 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVE-2021-1844Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code ex
CVE-2021-1871KEVApr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a re
CVE-2021-1870KEVApr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a re
CVE-2021-1801Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe s
CVE-2021-1799Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able
CVE-2021-1789KEVApr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web co
CVE-2021-1788Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web
CVE-2021-1765Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
CVE-2020-29623Apr 2, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl
CVE-2021-28650Mar 17, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists becaus
CVE-2020-13558Mar 3, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
CVE-2020-14391Feb 8, 2021
affected < 0.19.5-2.el8fixed 0.19.5-2.el8
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover t
CVE-2020-36241Feb 5, 2021
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-27918Dec 8, 2020
affected < 0.19.5-3.el8fixed 0.19.5-3.el8
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le
CVE-2020-3864Oct 27, 2020
affected < 0.19.5-2.el8fixed 0.19.5-2.el8
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
CVE-2019-8846Oct 27, 2020
affected < 0.19.5-2.el8fixed 0.19.5-2.el8
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to ar
CVE-2019-8844Oct 27, 2020
affected < 0.19.5-2.el8fixed 0.19.5-2.el8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted w

Page 2 of 5