Vulmon
dcraw vulnerabilities and exploits
NA
CVE-2013-1438
Unspecified vulnerability in dcraw 0.8.x up to and including 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent malicious users to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3)...
Dave Coffin Dcraw 0.8.6
Dave Coffin Dcraw 0.8.5
Dave Coffin Dcraw 0.8.4
Dave Coffin Dcraw 0.8.3
Dave Coffin Dcraw 0.8.9
Dave Coffin Dcraw 0.8.2
Dave Coffin Dcraw 0.8.1
Dave Coffin Dcraw 0.8.8
Dave Coffin Dcraw 0.8.7
Dave Coffin Dcraw 0.8.0
7.1
CVSSv3
CVE-2018-19565
A buffer over-read in crop_masked_pixels in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Dcraw Project Dcraw
7.1
CVSSv3
CVE-2018-19566
A heap buffer over-read in parse_tiff_ifd in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Dcraw Project Dcraw
5.5
CVSSv3
CVE-2018-19567
A floating point exception in parse_tiff_ifd in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Dcraw Project Dcraw
5.5
CVSSv3
CVE-2018-19568
A floating point exception in kodak_radc_load_raw in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Dcraw Project Dcraw
NA
CVE-2015-3885
Integer overflow in the ljpeg_start function in dcraw 7.00 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
Dcraw Project Dcraw
Fedoraproject Fedora 21
7.8
CVSSv3
CVE-2021-3624
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
Dcraw Project Dcraw 9.28-2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2018-19655
A stack-based buffer overflow in the find_green() function of dcraw up to and including 9.28, as used in ufraw-batch and many other products, may allow a remote malicious user to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted...
Dcraw Project Dcraw
Suse Suse Linux Enterprise Server 11
Suse Suse Linux Enterprise Server 12
Suse Suse Linux Enterprise Desktop 12
6.5
CVSSv3
CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions before 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
Libraw Libraw
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
9.1
CVSSv3
CVE-2017-14608
In LibRaw up to and including 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Libraw Libraw