RSS   Vulnerabilities for 'Libraw'   RSS

2020-09-16
 
CVE-2020-24890

CWE-476
 

 
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.

 
 
CVE-2020-24889

CWE-120
 

 
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

 
2020-06-28
 
CVE-2020-15365

CWE-787
 

 
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

 
2020-01-14
 
CVE-2015-8367

CWE-665
 

 
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

 
 
CVE-2015-8366

CWE-129
 

 
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

 
2019-02-20
 
CVE-2018-5819

CWE-400
 

 
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

 
 
CVE-2018-5818

CWE-400
 

 
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

 
 
CVE-2018-5817

CWE-704
 

 
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

 
2018-12-22
 
CVE-2018-20365

CWE-119
 

 
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

 
 
CVE-2018-20364

CWE-476
 

 
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

 


Copyright 2020, cxsecurity.com

 

Back to Top