CVE-2018-5809: Buffer Overflow
First published: Fri Dec 07 2018(Updated: )
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libraw Libraw | <0.18.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5809?
CVE-2018-5809 is a vulnerability in the LibRaw library that allows an attacker to execute arbitrary code by causing a stack-based buffer overflow.
How does CVE-2018-5809 work?
CVE-2018-5809 occurs when there is an error within the LibRaw::parse_exif() function in LibRaw versions prior to 0.18.9, which can be exploited to trigger a stack-based buffer overflow and execute arbitrary code.
Which software versions are affected by CVE-2018-5809?
LibRaw versions prior to 0.18.9 are affected by CVE-2018-5809.
What is the severity of CVE-2018-5809?
CVE-2018-5809 has a severity rating of 8.8 (high).
How can CVE-2018-5809 be fixed?
To fix CVE-2018-5809, users should update to LibRaw version 0.18.9 or newer.
- collector/nvd-index
- vendor/libraw
- canonical/libraw libraw