Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libraw vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-8366
Array index error in smal_decode_segment function in LibRaw prior to 0.17.1 allows context-dependent malicious users to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Libraw Libraw
8.8
CVSSv3
CVE-2020-24870
Libraw prior to 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Libraw Libraw
7.8
CVSSv3
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Libraw Libraw
7.5
CVSSv3
CVE-2020-15503
LibRaw prior to 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Libraw Libraw 0.20
Libraw Libraw
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2020-15365
LibRaw prior to 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Libraw Libraw 0.20
8.8
CVSSv3
CVE-2018-20337
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Libraw Libraw 0.19.1
7.8
CVSSv3
CVE-2021-32142
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows malicious user to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Libraw Libraw 0.20.0
7.5
CVSSv3
CVE-2017-13735
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Libraw Libraw 0.18.2
5.5
CVSSv3
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
Libraw Libraw 0.20.0
9.8
CVSSv3
CVE-2017-6889
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 prior to 0.18.2 can be exploited to cause a heap-based buffer overflow.
Libraw Libraw-demosaic-pack-gpl2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »