Published: 14/01/2020 Updated: 24/01/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The phase_one_correct function in Libraw prior to 0.17.1 allows malicious users to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libraw libraw

Vendor Advisories

It was found that phase_one_correct function in libraw does not handle memory object’s initialization correctly, which may have unspecified impact ...
Debian Bug report logs - #806809 libraw: CVE-2015-8366 CVE-2015-8367 Package: src:libraw; Maintainer for src:libraw is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 1 Dec 2015 19:09:06 UTC Severity: grave Tags: fixed-ups ...
LibRaw could be made to crash or run programs as your login if it opened a specially crafted file ...