CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19655

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/

Products affected by CVE-2018-19655

Dcraw Project » Dcraw » Version: 7.00

cpe:2.3:a:dcraw_project:dcraw:7.00
Dcraw Project » Dcraw » Version: 9.28

cpe:2.3:a:dcraw_project:dcraw:9.28
Suse » Suse Linux Enterprise Desktop » Version: 12

cpe:2.3:o:suse:suse_linux_enterprise_desktop:12
Suse » Suse Linux Enterprise Server » Version: 11

cpe:2.3:o:suse:suse_linux_enterprise_server:11
Suse » Suse Linux Enterprise Server » Version: 12

cpe:2.3:o:suse:suse_linux_enterprise_server:12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19655

Products

Pricing

Contact Us