Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libraw libraw vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.8 can be exploited to trigger a division by zero.
Libraw Libraw
7.8
CVSSv3
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Libraw Libraw
6.5
CVSSv3
CVE-2020-22628
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Libraw Libraw
7.5
CVSSv3
CVE-2020-15503
LibRaw prior to 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Libraw Libraw 0.20
Libraw Libraw
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2021-32142
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows malicious user to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Libraw Libraw 0.20.0
5.5
CVSSv3
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Libraw Libraw 0.20.0
8.8
CVSSv3
CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Libraw Libraw 0.19.1
7.5
CVSSv3
CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Libraw Libraw 0.18.2
6.5
CVSSv3
CVE-2020-15365
LibRaw prior to 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Libraw Libraw 0.20
9.8
CVSSv3
CVE-2017-6890
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 prior to 0.18.2 can be exploited to cause a stack-based buffer overflow.
Libraw Libraw-demosaic-pack-gpl2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »