Latest libraw libraw Vulnerabilities

CVE-2020-22628
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Libraw Libraw<2019-11-20
ubuntu/libraw<0.20.0-4
ubuntu/libraw<0.19.5-1ubuntu1.3
debian/libraw<=0.19.2-2
CVE-2023-1729
There exists heap-buffer-overflow when using function raw2image_ex(int).
debian/libraw<=0.19.2-2
Libraw Libraw<2023-01-14
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 1 more
CVE-2021-32142
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Libraw Libraw=0.20.0
debian/libraw<=0.19.2-2
debian/libraw<=0.20.2-1<=0.20.2-2
CVE-2020-35535
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
CVE-2020-35530
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
Debian Debian Linux=10.0
CVE-2020-35533
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
Debian Debian Linux=10.0
CVE-2020-35532
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field...
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
Debian Debian Linux=10.0
CVE-2020-35531
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
Debian Debian Linux=10.0
CVE-2020-35534
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.
Libraw Libraw=0.20.0
Libraw Libraw=0.20.0-rc2
Libraw Libraw=0.20.1
Libraw Libraw=0.20.2
Libraw Libraw=0.21.0-beta1
CVE-2020-24870
Libraw Libraw<0.20.1
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Libraw Libraw<0.20.0
CVE-2020-24890
** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerabi...
Libraw Libraw=0.20.0
=0.20.0
CVE-2020-15503
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_...
redhat/LibRaw<0.20
Libraw Libraw<=0.19.5
Libraw Libraw=0.20-beta1
Libraw Libraw=0.20-beta2
Libraw Libraw=0.20-beta3
Fedoraproject Fedora=31
and 2 more
CVE-2020-15365
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Libraw Libraw=0.20-beta3
CVE-2015-8367
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
Libraw Libraw<0.17.1
CVE-2015-8366
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Libraw Libraw<0.17.1
CVE-2018-5819
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
Libraw Libraw<0.19.1
Debian Debian Linux=8.0
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.1-1
ubuntu/libraw<0.17.1-1ubuntu0.5
and 1 more
CVE-2018-5817
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
Libraw Libraw<0.19.1
Debian Debian Linux=8.0
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.1-1
ubuntu/libraw<0.17.1-1ubuntu0.5
and 1 more
CVE-2018-5818
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
Libraw Libraw<0.19.1
Debian Debian Linux=8.0
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.1-1
ubuntu/libraw<0.17.1-1ubuntu0.5
and 1 more
CVE-2018-20364
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Libraw Libraw<=0.19.1
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.2-2
ubuntu/libraw<0.17.1-1ubuntu0.5
debian/libraw
CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Libraw Libraw<=0.19.1
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.2-2
ubuntu/libraw<0.17.1-1ubuntu0.5
debian/libraw
CVE-2018-20365
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
Libraw Libraw<=0.19.1
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.2-2
ubuntu/libraw<0.17.1-1ubuntu0.5
debian/libraw
CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Libraw Libraw=0.19.1
ubuntu/libraw<0.18.8-1ubuntu0.3
ubuntu/libraw<0.18.13-1ubuntu0.1
ubuntu/libraw<0.19.2
debian/libraw
CVE-2018-5809
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbi...
Libraw Libraw<0.18.9
CVE-2018-5808
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary co...
Libraw Libraw<0.18.9
Debian Debian Linux=8.0
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
Libraw Libraw<0.18.8
CVE-2018-5810
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
Libraw Libraw<0.18.9
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.15.4-1ubuntu0.3
ubuntu/libraw<0.18.8-1ubuntu0.2
and 2 more
CVE-2018-5812
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
Libraw Libraw<0.18.9
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.17.1-1ubuntu0.4
and 1 more
CVE-2018-5811
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently c...
Libraw Libraw<0.18.9
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.17.1-1ubuntu0.4
and 1 more
CVE-2018-5807
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a ...
Libraw Libraw<0.18.9
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.15.4-1ubuntu0.3
and 2 more
CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
Libraw Libraw<0.18.11
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.15.4-1ubuntu0.3
and 2 more
CVE-2018-5816
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW...
Libraw Libraw<0.18.12
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.17.1-1ubuntu0.4
and 1 more
CVE-2018-5815
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple Qu...
Libraw Libraw<0.18.12
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/libraw<0.18.8-1ubuntu0.2
ubuntu/libraw<0.17.1-1ubuntu0.4
and 1 more
CVE-2018-5806
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
redhat/LibRaw<0.18.8
Libraw Libraw<0.18.8
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
CVE-2018-5805
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently ...
redhat/LibRaw<0.18.8
Libraw Libraw<0.18.8
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
CVE-2018-10529
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=17.10
Canonical Ubuntu Linux=18.04
Libraw Libraw=0.18.9
ubuntu/libraw<0.18.8-2ubuntu1
ubuntu/libraw<0.18.8-2ubuntu1
and 13 more
CVE-2018-10528
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=17.10
Canonical Ubuntu Linux=18.04
Libraw Libraw=0.18.9
ubuntu/libraw<0.18.8-2ubuntu1
ubuntu/libraw<0.18.8-2ubuntu1
and 13 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203