Vendor CVEs
Libraw
All CVEs
66 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21413 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this… |
| CVE-2026-20911 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-20889 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2017-14265 | | Critical | 0.64 | 9.8 | 0.04 | | Sep 11, 2017 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. |
| CVE-2017-6886 | | Critical | 0.64 | 9.8 | 0.03 | | May 16, 2017 | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. |
| CVE-2017-6890 | | Critical | 0.64 | 9.8 | 0.01 | | May 15, 2017 | A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. |
| CVE-2017-6889 | | Critical | 0.64 | 9.8 | 0.01 | | May 15, 2017 | An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. |
| CVE-2017-14608 | | Critical | 0.59 | 9.1 | 0.02 | | Sep 20, 2017 | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. |
| CVE-2017-14348 | | High | 0.57 | 8.8 | 0.02 | | Sep 12, 2017 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. |
| CVE-2026-24660 | | High | 0.53 | 8.1 | 0.01 | | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-24450 | | High | 0.53 | 8.1 | 0.00 | | Apr 7, 2026 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-20884 | | High | 0.53 | 8.1 | 0.00 | | Apr 7, 2026 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2017-6887 | | High | 0.51 | 7.8 | 0.02 | | May 16, 2017 | A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and… |
| CVE-2017-13735 | | High | 0.49 | 7.5 | 0.03 | | Aug 29, 2017 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. |
| CVE-2026-5342 | | Medium | 0.27 | 5.3 | 0.01 | | Apr 2, 2026 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It… |
| CVE-2026-5318 | | Medium | 0.21 | 4.3 | 0.01 | | Apr 2, 2026 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate… |
| CVE-2025-43964 | | | 0.00 | — | 0.00 | | Apr 20, 2025 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. |
| CVE-2025-43961 | | | 0.00 | — | 0.00 | | Apr 20, 2025 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. |
| CVE-2025-43963 | | | 0.00 | — | 0.00 | | Apr 20, 2025 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. |
| CVE-2025-43962 | | | 0.00 | — | 0.00 | | Apr 20, 2025 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. |
| CVE-2020-22628 | | | 0.00 | — | 0.01 | | Aug 22, 2023 | Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. |
| CVE-2023-1729 | | | 0.00 | — | 0.01 | | May 15, 2023 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. |
| CVE-2021-32142 | | | 0.00 | — | 0.00 | | Feb 17, 2023 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. |
| CVE-2020-35533 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. |
| CVE-2020-35534 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. |
| CVE-2020-35535 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. |
| CVE-2020-35530 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. |
| CVE-2020-35531 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. |
| CVE-2020-35532 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. |
| CVE-2020-24870 | | | 0.00 | — | 0.02 | | Jun 2, 2021 | Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. |
| CVE-2020-24889 | | | 0.00 | — | 0.01 | | Sep 16, 2020 | A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. |
| CVE-2020-24890 | | | 0.00 | — | 0.02 | | Sep 16, 2020 | libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way |
| CVE-2020-15503 | | | 0.00 | — | 0.04 | | Jul 2, 2020 | LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. |
| CVE-2020-15365 | | | 0.00 | — | 0.01 | | Jun 28, 2020 | LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. |
| CVE-2015-8366 | | | 0.00 | — | 0.05 | | Jan 14, 2020 | Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. |
| CVE-2019-16214 | | | 0.00 | — | 0.01 | | Sep 11, 2019 | Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which… |
| CVE-2018-5817 | | | 0.00 | — | 0.03 | | Feb 20, 2019 | A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. |
| CVE-2018-5819 | | | 0.00 | — | 0.03 | | Feb 20, 2019 | An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. |
| CVE-2018-5818 | | | 0.00 | — | 0.02 | | Feb 20, 2019 | An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. |
| CVE-2018-20364 | | | 0.00 | — | 0.03 | | Dec 22, 2018 | LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. |
| CVE-2018-20365 | | | 0.00 | — | 0.03 | | Dec 22, 2018 | LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. |
| CVE-2018-20363 | | | 0.00 | — | 0.03 | | Dec 22, 2018 | LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. |
| CVE-2018-20337 | | | 0.00 | — | 0.02 | | Dec 21, 2018 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. |
| CVE-2018-5808 | | | 0.00 | — | 0.03 | | Dec 7, 2018 | An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. |
| CVE-2018-5805 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. |
| CVE-2017-16910 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. |
| CVE-2018-5815 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. |
| CVE-2018-5804 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. |
| CVE-2018-5811 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. |
| CVE-2018-5812 | | | 0.00 | — | 0.02 | | Dec 7, 2018 | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. |
Page 1 of 2