Shodan
Vulnerabilities
Vulnerable Software
Libraw:  >> Libraw  >> 0.17.2  Security Vulnerabilities
CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-07
CVE-2018-5815
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-07
CVE-2018-5816
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
CVSS Score
6.5
EPSS Score
0.004
Published
2018-12-07
CVE-2017-16909
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-12-07
CVE-2017-16910
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-07
CVE-2018-5800
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVSS Score
6.5
EPSS Score
0.023
Published
2018-12-07
CVE-2018-5801
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVSS Score
6.5
EPSS Score
0.014
Published
2018-12-07
CVE-2018-5802
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-12-07
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-07
CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-12-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved