Libraw

libraw

65 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Libraw

libraw

63 CVEs

Libraw Demosaic Pack Gpl2

libraw-demosaic-pack-gpl2

2 CVEs

CVEs (65)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-35530 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
CVE-2020-24870 1Libraw 1Libraw Nov 21, 2024 Jun 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVE-2020-24890 1Libraw 1Libraw Nov 21, 2024 Sep 16, 2020 N/A· v4 5.5 MEDIUM· v3 2.6 LOW· v2 libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the...Show more libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain wayShow less
CVE-2020-24889 1Libraw 1Libraw Nov 21, 2024 Sep 16, 2020 N/A· v4 7.8 HIGH· v3 5.1 MEDIUM· v2 A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
CVE-2020-15503 3Debian FedoraprojectLibraw 3Debian Linux FedoraLibraw Nov 21, 2024 Jul 2, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength)...Show more LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.Show less
CVE-2020-15365 1Libraw 1Libraw Nov 21, 2024 Jun 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
CVE-2015-8367 1Libraw 1Libraw Nov 21, 2024 Jan 14, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
CVE-2015-8366 1Libraw 1Libraw Nov 21, 2024 Jan 14, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
CVE-2018-5819 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Feb 20, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2018-5818 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Feb 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-5817 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Feb 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-20365 1Libraw 1Libraw Nov 21, 2024 Dec 22, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
CVE-2018-20364 1Libraw 1Libraw Nov 21, 2024 Dec 22, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-20363 1Libraw 1Libraw Nov 21, 2024 Dec 22, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-20337 1Libraw 1Libraw Nov 21, 2024 Dec 21, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-5816 2Canonical Libraw 2Libraw Ubuntu Linux Nov 21, 2024 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vu...Show more An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).Show less
CVE-2018-5815 2Canonical Libraw 2Libraw Ubuntu Linux Nov 21, 2024 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
CVE-2018-5813 2Canonical Libraw 2Libraw Ubuntu Linux Nov 21, 2024 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2018-5812 2Canonical Libraw 2Libraw Ubuntu Linux Nov 21, 2024 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5811 2Canonical Libraw 2Libraw Ubuntu Linux Nov 21, 2024 Dec 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Previous 123 4 Next