rpm package
opensuse/libraw&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libraw&distro=openSUSE%20Tumbleweed
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10528 | — | < 0.20.2-4.1 | 0.20.2-4.1 | Apr 29, 2018 | An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | ||
| CVE-2017-14348 | Hig | 8.8 | < 0.20.2-4.1 | 0.20.2-4.1 | Sep 12, 2017 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | |
| CVE-2017-14265 | Cri | 9.8 | < 0.20.2-4.1 | 0.20.2-4.1 | Sep 11, 2017 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | |
| CVE-2017-13735 | Hig | 7.5 | < 0.20.2-4.1 | 0.20.2-4.1 | Aug 29, 2017 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |
| CVE-2017-6887 | Hig | 7.8 | < 0.20.2-4.1 | 0.20.2-4.1 | May 16, 2017 | A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x | |
| CVE-2017-6886 | Cri | 9.8 | < 0.20.2-4.1 | 0.20.2-4.1 | May 16, 2017 | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | |
| CVE-2017-6890 | Cri | 9.8 | < 0.20.2-4.1 | 0.20.2-4.1 | May 15, 2017 | A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. | |
| CVE-2013-2127 | — | < 0.17.2-1.4 | 0.17.2-1.4 | Aug 14, 2013 | Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||
| CVE-2013-2126 | — | < 0.17.2-1.4 | 0.17.2-1.4 | Aug 14, 2013 | Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW i |
- CVE-2018-10528Apr 29, 2018affected < 0.20.2-4.1fixed 0.20.2-4.1
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
- affected < 0.20.2-4.1fixed 0.20.2-4.1
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
- affected < 0.20.2-4.1fixed 0.20.2-4.1
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
- affected < 0.20.2-4.1fixed 0.20.2-4.1
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
- affected < 0.20.2-4.1fixed 0.20.2-4.1
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x
- affected < 0.20.2-4.1fixed 0.20.2-4.1
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
- affected < 0.20.2-4.1fixed 0.20.2-4.1
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.
- CVE-2013-2127Aug 14, 2013affected < 0.17.2-1.4fixed 0.17.2-1.4
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
- CVE-2013-2126Aug 14, 2013affected < 0.17.2-1.4fixed 0.17.2-1.4
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW i
Page 2 of 2