Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libraw libraw vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.8 can be exploited to trigger a division by zero.
Libraw Libraw
605
VMScore
CVE-2018-5809
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Libraw Libraw
668
VMScore
CVE-2013-2127
Buffer overflow in the exposure correction code in LibRaw prior to 0.15.1 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Libraw Libraw
445
VMScore
CVE-2020-15503
LibRaw prior to 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Libraw Libraw 0.20
Libraw Libraw
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
445
VMScore
CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Libraw Libraw 0.18.2
383
VMScore
CVE-2020-15365
LibRaw prior to 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Libraw Libraw 0.20
231
VMScore
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Libraw Libraw 0.20.0
NA
CVE-2021-32142
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows malicious user to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Libraw Libraw 0.20.0
605
VMScore
CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Libraw Libraw 0.19.1
668
VMScore
CVE-2017-6889
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 prior to 0.18.2 can be exploited to cause a heap-based buffer overflow.
Libraw Libraw-demosaic-pack-gpl2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »