CVE-2018-5804: Divide by Zero
First published: Fri Dec 07 2018(Updated: )
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libraw Libraw | <0.18.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5804?
CVE-2018-5804 is a vulnerability in LibRaw versions prior to 0.18.8 that allows an attacker to trigger a division by zero by exploiting a type confusion error in the "identify()" function.
How severe is CVE-2018-5804?
CVE-2018-5804 has a severity score of 6.5 (medium).
How can I exploit CVE-2018-5804?
To exploit CVE-2018-5804, an attacker needs to trigger a division by zero by exploiting the type confusion error in the "identify()" function of LibRaw.
What is the affected software?
The affected software is LibRaw versions prior to 0.18.8.
How can I fix CVE-2018-5804?
To fix CVE-2018-5804, update LibRaw to version 0.18.8 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-5804?
The CWE ID for CVE-2018-5804 is CWE-369 and CWE-704.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/libraw
- canonical/libraw libraw