Dcraw Project
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19655 | Hig | 0.57 | 8.8 | 0.03 | Nov 29, 2018 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | ||
| CVE-2021-3624 | Hig | 0.51 | 7.8 | 0.01 | Apr 18, 2022 | There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | ||
| CVE-2018-19566 | Hig | 0.46 | 7.1 | 0.01 | Nov 26, 2018 | A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | ||
| CVE-2018-19565 | Hig | 0.46 | 7.1 | 0.01 | Nov 26, 2018 | A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | ||
| CVE-2018-19568 | Med | 0.36 | 5.5 | 0.01 | Nov 26, 2018 | A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | ||
| CVE-2018-19567 | Med | 0.36 | 5.5 | 0.01 | Nov 26, 2018 | A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | ||
| CVE-2015-3885 | 0.00 | — | 0.05 | May 19, 2015 | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | |||
| CVE-2013-1438 | 0.00 | — | 0.02 | Jan 19, 2014 | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer… |
- risk 0.57cvss 8.8epss 0.03
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
- risk 0.51cvss 7.8epss 0.01
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
- risk 0.46cvss 7.1epss 0.01
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
- risk 0.46cvss 7.1epss 0.01
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
- risk 0.36cvss 5.5epss 0.01
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
- risk 0.36cvss 5.5epss 0.01
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
- CVE-2015-3885May 19, 2015risk 0.00cvss —epss 0.05
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
- CVE-2013-1438Jan 19, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer…