First published: Fri Dec 21 2018
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libraw Libraw | =0.19.1 | |
ubuntu/libraw | <0.18.8-1ubuntu0.3 | 0.18.8-1ubuntu0.3 |
ubuntu/libraw | <0.18.13-1ubuntu0.1 | 0.18.13-1ubuntu0.1 |
ubuntu/libraw | <0.19.2 | 0.19.2 |
debian/libraw | | 0.19.2-2, 0.19.2-2+deb10u4, 0.20.2-1+deb11u1, 0.20.2-2.1, 0.21.2-2 |
CVE-2018-20337 is a vulnerability in LibRaw 0.19.1 that allows a crafted input to cause a denial of service or other unspecified impact.
CVE-2018-20337 has a severity of 8.8, which is considered high.
CVE-2018-20337 affects LibRaw 0.19.1 and possibly other versions.
You can fix CVE-2018-20337 on Ubuntu by updating to version 0.18.8-1ubuntu0.3, 0.18.13-1ubuntu0.1, or 0.19.2, depending on your Ubuntu release.
For Debian, you can fix CVE-2018-20337 by updating to version 0.19.2-2, 0.19.2-2+deb10u4, 0.20.2-1+deb11u1, 0.20.2-2.1, or 0.21.1-7 of the libraw package.