Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libraw vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-5804
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.8 can be exploited to trigger a division by zero.
Libraw Libraw
8.8
CVSSv3
CVE-2018-5809
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Libraw Libraw
6.5
CVSSv3
CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Libraw Libraw
6.5
CVSSv3
CVE-2018-20364
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Libraw Libraw
9.8
CVSSv3
CVE-2015-8367
The phase_one_correct function in Libraw prior to 0.17.1 allows malicious users to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
Libraw Libraw
7.8
CVSSv3
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Libraw Libraw
6.5
CVSSv3
CVE-2020-22628
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Libraw Libraw
9.8
CVSSv3
CVE-2015-8366
Array index error in smal_decode_segment function in LibRaw prior to 0.17.1 allows context-dependent malicious users to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
Libraw Libraw
8.8
CVSSv3
CVE-2020-24870
Libraw prior to 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Libraw Libraw
6.5
CVSSv3
CVE-2018-20365
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
Libraw Libraw
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »