Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libraw libraw vulnerabilities and exploits
(subscribe to this query)
231
VMScore
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Libraw Libraw 0.20.0
454
VMScore
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Libraw Libraw
445
VMScore
CVE-2020-15503
LibRaw prior to 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Libraw Libraw 0.20
Libraw Libraw
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
383
VMScore
CVE-2020-15365
LibRaw prior to 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Libraw Libraw 0.20
668
VMScore
CVE-2015-8366
Array index error in smal_decode_segment function in LibRaw prior to 0.17.1 allows context-dependent malicious users to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Libraw Libraw
668
VMScore
CVE-2015-8367
The phase_one_correct function in Libraw prior to 0.17.1 allows malicious users to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
Libraw Libraw
694
VMScore
CVE-2018-5819
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions before 0.19.1 can be exploited to exhaust available CPU resources.
Libraw Libraw
Debian Debian Linux 8.0
445
VMScore
CVE-2018-5817
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions before 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
Libraw Libraw
Debian Debian Linux 8.0
445
VMScore
CVE-2018-5818
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions before 0.19.1 can be exploited to trigger an infinite loop.
Libraw Libraw
Debian Debian Linux 8.0
383
VMScore
CVE-2018-20364
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Libraw Libraw
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »