First published: Tue May 08 2018(Updated: )
It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information. (CVE-2018-10529)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libraw16 | <0.18.8-1ubuntu0.1 | 0.18.8-1ubuntu0.1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/libraw16 | <0.18.2-2ubuntu0.3 | 0.18.2-2ubuntu0.3 |
Ubuntu Ubuntu | =17.10 | |
All of | ||
ubuntu/libraw15 | <0.17.1-1ubuntu0.3 | 0.17.1-1ubuntu0.3 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this advisory is CVE-2018-10528 and CVE-2018-10529.
The severity of CVE-2018-10528 is high.
The severity of CVE-2018-10529 is high.
An attacker can exploit CVE-2018-10528 by using a specially crafted file to execute arbitrary code.
An attacker can exploit CVE-2018-10529 by using a specially crafted file to obtain sensitive information.
LibRaw versions 0.18.8-1ubuntu0.1, 0.18.2-2ubuntu0.3, and 0.17.1-1ubuntu0.3 are affected by these vulnerabilities.
To fix the vulnerabilities in LibRaw, update to version 0.18.8-1ubuntu0.1 (for Ubuntu 18.04), 0.18.2-2ubuntu0.3 (for Ubuntu 17.10), or 0.17.1-1ubuntu0.3 (for Ubuntu 16.04).