First published: Thu Aug 02 2018(Updated: )
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
Credit: PSIRT-CNA@flexerasoftware.com PSIRT-CNA@flexerasoftware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libraw Libraw | <0.18.9 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
ubuntu/libraw | <0.18.8-1ubuntu0.2 | 0.18.8-1ubuntu0.2 |
ubuntu/libraw | <0.17.1-1ubuntu0.4 | 0.17.1-1ubuntu0.4 |
debian/libraw | 0.19.2-2 0.19.2-2+deb10u4 0.20.2-1+deb11u1 0.20.2-2.1 0.21.2-2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-5811.
The vulnerability is caused by an error in the "nikon_coolscan_load_raw()" function in LibRaw, allowing for an out-of-bounds read memory access and subsequent crash.
CVE-2018-5811 has a severity level of 6.5 (medium).
LibRaw versions prior to 0.18.9 are affected.
To fix this vulnerability, update LibRaw to version 0.18.9 or later.