Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dcraw vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2021-3624
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
Dcraw Project Dcraw 9.28-2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
632
VMScore
CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions before 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
Libraw Libraw
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
605
VMScore
CVE-2018-19655
A stack-based buffer overflow in the find_green() function of dcraw up to and including 9.28, as used in ufraw-batch and many other products, may allow a remote malicious user to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted...
Dcraw Project Dcraw
Suse Suse Linux Enterprise Server 11
Suse Suse Linux Enterprise Server 12
Suse Suse Linux Enterprise Desktop 12
516
VMScore
CVE-2018-19565
A buffer over-read in crop_masked_pixels in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Dcraw Project Dcraw
516
VMScore
CVE-2018-19566
A heap buffer over-read in parse_tiff_ifd in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Dcraw Project Dcraw
383
VMScore
CVE-2018-19567
A floating point exception in parse_tiff_ifd in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Dcraw Project Dcraw
383
VMScore
CVE-2018-19568
A floating point exception in kodak_radc_load_raw in dcraw up to and including 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Dcraw Project Dcraw
570
VMScore
CVE-2017-14608
In LibRaw up to and including 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Libraw Libraw
668
VMScore
CVE-2017-14265
A Stack-based Buffer Overflow exists in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw prior to 0.18.3. It could allow a remote denial of service or code execution attack.
Libraw Libraw
383
VMScore
CVE-2015-3885
Integer overflow in the ljpeg_start function in dcraw 7.00 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
Dcraw Project Dcraw
Fedoraproject Fedora 21
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »