First published: Mon Nov 26 2018
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dcraw Project Dcraw | <=9.28 | |
CVE-2018-19565 is a vulnerability that allows attackers to crash an application or leak private information by exploiting a buffer over-read in the dcraw code.
CVE-2018-19565 affects Dcraw versions 9.28 and prior, allowing attackers to exploit a buffer over-read vulnerability.
CVE-2018-19565 has a severity rating of 7.1 (high).
An attacker can exploit CVE-2018-19565 by supplying malicious files to an application that uses the vulnerable dcraw code, causing it to crash or leak private information.
At the moment, there is no fix available for CVE-2018-19565. It is recommended to update to a newer version of the Dcraw software once a fix is released.