First published: Sat Feb 10 2018
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dcraw Project Dcraw | <=9.28 | |
SUSE SUSE Linux Enterprise Desktop | =12-sp3 | |
SUSE SUSE Linux Enterprise Desktop | =12-sp4 | |
SUSE SUSE Linux Enterprise Server | =11-sp4 | |
SUSE SUSE Linux Enterprise Server | =12-sp3 | |
SUSE SUSE Linux Enterprise Server | =12-sp4 | |
debian/dcraw | 9.28-2 9.28-3 9.28-7 |
CVE-2018-19655 is a vulnerability that allows a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
CVE-2018-19655 affects dcraw versions up to and including 9.28.
CVE-2018-19655 affects ufraw version 0.22-4.
Yes, the vulnerability has been patched in dcraw versions 9.28-2 and 9.28-3.
Yes, the vulnerability has been patched in ufraw version 0.22-4.