Shodan
Vulnerabilities
Vulnerable Software
Libraw:  >> Libraw  >> 0.16.2  Security Vulnerabilities
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-07
CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-12-07
CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-07
CVE-2018-5807
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-12-07
CVE-2017-14608
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS Score
9.1
EPSS Score
0.004
Published
2017-09-20
CVE-2017-14348
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-09-12
CVE-2017-14265
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-09-11
CVE-2017-6886
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-05-16
CVE-2017-6887
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-05-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved