VYPR

Dcraw

by Dcraw Project

CVEs (8)

  • CVE-2018-19655HigNov 29, 2018
    risk 0.57cvss 8.8epss 0.03

    A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

  • CVE-2021-3624HigApr 18, 2022
    risk 0.51cvss 7.8epss 0.01

    There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

  • CVE-2018-19566HigNov 26, 2018
    risk 0.46cvss 7.1epss 0.01

    A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

  • CVE-2018-19565HigNov 26, 2018
    risk 0.46cvss 7.1epss 0.01

    A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

  • CVE-2018-19568MedNov 26, 2018
    risk 0.36cvss 5.5epss 0.01

    A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

  • CVE-2018-19567MedNov 26, 2018
    risk 0.36cvss 5.5epss 0.01

    A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

  • CVE-2015-3885May 19, 2015
    risk 0.00cvss epss 0.05

    Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

  • CVE-2013-1438Jan 19, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer…