rpm package

suse/libraw&distro=SUSE Linux Enterprise Desktop 12 SP3

pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Vulnerabilities (24)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2015-8367		—	< 0.15.4-9.2	0.15.4-9.2	Jan 14, 2020	The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
CVE-2018-5819		—	< 0.15.4-30.1	0.15.4-30.1	Feb 20, 2019	An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2018-5818		—	< 0.15.4-30.1	0.15.4-30.1	Feb 20, 2019	An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-5817		—	< 0.15.4-30.1	0.15.4-30.1	Feb 20, 2019	A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-20365		—	< 0.15.4-30.1	0.15.4-30.1	Dec 22, 2018	LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
CVE-2018-20364		—	< 0.15.4-30.1	0.15.4-30.1	Dec 22, 2018	LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-20363		—	< 0.15.4-30.1	0.15.4-30.1	Dec 22, 2018	LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-5813		—	< 0.15.4-21.1	0.15.4-21.1	Dec 7, 2018	An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2018-5810		—	< 0.15.4-21.1	0.15.4-21.1	Dec 7, 2018	An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5808		—	< 0.15.4-27.1	0.15.4-27.1	Dec 7, 2018	An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5806		—	< 0.15.4-27.1	0.15.4-27.1	Dec 7, 2018	An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5805		—	< 0.15.4-27.1	0.15.4-27.1	Dec 7, 2018	A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5802		—	< 0.15.4-21.1	0.15.4-21.1	Dec 7, 2018	An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5801		—	< 0.15.4-21.1	0.15.4-21.1	Dec 7, 2018	An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5800		—	< 0.15.4-21.1	0.15.4-21.1	Dec 7, 2018	An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2017-16909		—	< 0.15.4-16.1	0.15.4-16.1	Dec 7, 2018	An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
CVE-2017-14608	Cri	9.1	< 0.15.4-16.1	0.15.4-16.1	Sep 20, 2017	In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735	Hig	7.5	< 0.15.4-16.1	0.15.4-16.1	Aug 29, 2017	There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-6899	Med	6.2	< 0.15.4-9.2	0.15.4-9.2	Jun 16, 2017	The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and de
CVE-2017-6887	Hig	7.8	< 0.15.4-9.2	0.15.4-9.2	May 16, 2017	A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x

CVE-2015-8367Jan 14, 2020
affected < 0.15.4-9.2fixed 0.15.4-9.2
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
CVE-2018-5819Feb 20, 2019
affected < 0.15.4-30.1fixed 0.15.4-30.1
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2018-5818Feb 20, 2019
affected < 0.15.4-30.1fixed 0.15.4-30.1
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-5817Feb 20, 2019
affected < 0.15.4-30.1fixed 0.15.4-30.1
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-20365Dec 22, 2018
affected < 0.15.4-30.1fixed 0.15.4-30.1
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
CVE-2018-20364Dec 22, 2018
affected < 0.15.4-30.1fixed 0.15.4-30.1
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-20363Dec 22, 2018
affected < 0.15.4-30.1fixed 0.15.4-30.1
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-5813Dec 7, 2018
affected < 0.15.4-21.1fixed 0.15.4-21.1
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2018-5810Dec 7, 2018
affected < 0.15.4-21.1fixed 0.15.4-21.1
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5808Dec 7, 2018
affected < 0.15.4-27.1fixed 0.15.4-27.1
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5806Dec 7, 2018
affected < 0.15.4-27.1fixed 0.15.4-27.1
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5805Dec 7, 2018
affected < 0.15.4-27.1fixed 0.15.4-27.1
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5802Dec 7, 2018
affected < 0.15.4-21.1fixed 0.15.4-21.1
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5801Dec 7, 2018
affected < 0.15.4-21.1fixed 0.15.4-21.1
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5800Dec 7, 2018
affected < 0.15.4-21.1fixed 0.15.4-21.1
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2017-16909Dec 7, 2018
affected < 0.15.4-16.1fixed 0.15.4-16.1
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
CVE-2017-14608CriSep 20, 2017
affected < 0.15.4-16.1fixed 0.15.4-16.1
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735HigAug 29, 2017
affected < 0.15.4-16.1fixed 0.15.4-16.1
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-6899MedJun 16, 2017
affected < 0.15.4-9.2fixed 0.15.4-9.2
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and de
CVE-2017-6887HigMay 16, 2017
affected < 0.15.4-9.2fixed 0.15.4-9.2
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x

Page 1 of 2