A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-05-15
Updated
2023-12-22
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Max CVSS
7.8
EPSS Score
0.07%
Published
2023-02-17
Updated
2023-05-28
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-09-01
Updated
2022-09-07
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-09-01
Updated
2022-09-07
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-09-01
Updated
2022-09-21
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-09-01
Updated
2022-09-29
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-09-01
Updated
2022-09-29
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2022-09-01
Updated
2022-09-29
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Max CVSS
5.5
EPSS Score
0.16%
Published
2020-09-16
Updated
2024-03-21
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.12%
Published
2020-09-16
Updated
2022-12-06
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Max CVSS
8.8
EPSS Score
0.27%
Published
2021-06-02
Updated
2022-12-09
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-09-10
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Max CVSS
7.5
EPSS Score
0.77%
Published
2020-07-02
Updated
2023-02-03
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Max CVSS
6.5
EPSS Score
0.13%
Published
2020-06-28
Updated
2020-07-06
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-12-22
Updated
2020-08-24
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Max CVSS
6.5
EPSS Score
0.21%
Published
2018-12-22
Updated
2019-05-21
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Max CVSS
6.5
EPSS Score
0.21%
Published
2018-12-22
Updated
2019-05-21
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Max CVSS
8.8
EPSS Score
0.30%
Published
2018-12-21
Updated
2020-08-24
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
Max CVSS
8.8
EPSS Score
0.32%
Published
2018-04-29
Updated
2018-06-04
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
Max CVSS
8.8
EPSS Score
0.47%
Published
2018-04-29
Updated
2020-10-15
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
Max CVSS
7.8
EPSS Score
0.43%
Published
2019-02-20
Updated
2019-05-21
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
Max CVSS
7.5
EPSS Score
0.43%
Published
2019-02-20
Updated
2020-08-24
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
Max CVSS
7.5
EPSS Score
0.43%
Published
2019-02-20
Updated
2019-05-21
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
Max CVSS
7.1
EPSS Score
0.34%
Published
2018-12-07
Updated
2019-01-03
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
Max CVSS
7.1
EPSS Score
0.34%
Published
2018-12-07
Updated
2019-01-03
53 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!