First published: Mon Nov 26 2018(Updated: )
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dcraw Project Dcraw | <=9.28 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-19567.
CVE-2018-19567 has a severity level of medium with a value of 5.5.
Attackers can exploit CVE-2018-19567 by supplying malicious files to crash an application that uses dcraw through version 9.28.
All versions of dcraw up to and including 9.28 are affected by CVE-2018-19567.
Yes, make sure to update to a version of dcraw that is after 9.28 to mitigate CVE-2018-19567.