rpm package
opensuse/dcraw&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/dcraw&distro=openSUSE%20Tumbleweed
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3624 | — | < 9.28.0-2.1 | 9.28.0-2.1 | Apr 18, 2022 | There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | ||
| CVE-2018-5806 | — | < 9.28.0-2.1 | 9.28.0-2.1 | Dec 7, 2018 | An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | ||
| CVE-2018-5805 | — | < 9.28.0-2.1 | 9.28.0-2.1 | Dec 7, 2018 | A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | ||
| CVE-2018-5801 | — | < 9.28.0-1.6 | 9.28.0-1.6 | Dec 7, 2018 | An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | ||
| CVE-2018-19655 | — | < 9.28.0-1.6 | 9.28.0-1.6 | Nov 29, 2018 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | ||
| CVE-2018-19568 | — | < 9.28.0-2.1 | 9.28.0-2.1 | Nov 26, 2018 | A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | ||
| CVE-2018-19566 | — | < 9.28.0-2.1 | 9.28.0-2.1 | Nov 26, 2018 | A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | ||
| CVE-2017-14608 | Cri | 9.1 | < 9.28.0-1.6 | 9.28.0-1.6 | Sep 20, 2017 | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |
| CVE-2017-13735 | Hig | 7.5 | < 9.28.0-1.6 | 9.28.0-1.6 | Aug 29, 2017 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. |
- CVE-2021-3624Apr 18, 2022affected < 9.28.0-2.1fixed 9.28.0-2.1
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
- CVE-2018-5806Dec 7, 2018affected < 9.28.0-2.1fixed 9.28.0-2.1
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
- CVE-2018-5805Dec 7, 2018affected < 9.28.0-2.1fixed 9.28.0-2.1
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
- CVE-2018-5801Dec 7, 2018affected < 9.28.0-1.6fixed 9.28.0-1.6
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
- CVE-2018-19655Nov 29, 2018affected < 9.28.0-1.6fixed 9.28.0-1.6
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
- CVE-2018-19568Nov 26, 2018affected < 9.28.0-2.1fixed 9.28.0-2.1
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
- CVE-2018-19566Nov 26, 2018affected < 9.28.0-2.1fixed 9.28.0-2.1
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
- affected < 9.28.0-1.6fixed 9.28.0-1.6
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
- affected < 9.28.0-1.6fixed 9.28.0-1.6
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.