rpm package

suse/dcraw&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/dcraw&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (11)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-3624		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Apr 18, 2022	There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
CVE-2018-5806		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Dec 7, 2018	An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5805		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Dec 7, 2018	A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5801		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Dec 7, 2018	An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-19655		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Nov 29, 2018	A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
CVE-2018-19568		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Nov 26, 2018	A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2018-19567		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Nov 26, 2018	A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2018-19566		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Nov 26, 2018	A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2018-19565		—	< 9.28.0-3.3.1	9.28.0-3.3.1	Nov 26, 2018	A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2017-14608	Cri	9.1	< 9.28.0-3.3.1	9.28.0-3.3.1	Sep 20, 2017	In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735	Hig	7.5	< 9.28.0-3.3.1	9.28.0-3.3.1	Aug 29, 2017	There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

CVE-2021-3624Apr 18, 2022
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
CVE-2018-5806Dec 7, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5805Dec 7, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5801Dec 7, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-19655Nov 29, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
CVE-2018-19568Nov 26, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2018-19567Nov 26, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-2018-19566Nov 26, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2018-19565Nov 26, 2018
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
CVE-2017-14608CriSep 20, 2017
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735HigAug 29, 2017
affected < 9.28.0-3.3.1fixed 9.28.0-3.3.1
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.