CVE-2017-6887

Published: 16/05/2017 Updated: 04/11/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.

Vulnerable Product

libraw libraw

Vendor Advisories

Debian Bug report logs - #864183: CVE-2017-6886 CVE-2017-6887. Package: src:libraw; Maintainer for src:libraw is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 4 Jun 2017 21:33:01 UTC; Severity: grave; Tags: security; Fixed in ver ...
LibRaw could be made to crash or run programs as your login if it opened a specially crafted file ...
Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with a crafted KDC or TIFF file. For the oldstable distribution (jessie), these problems have been fixed in version 0.16.0-9+deb8u3 ...
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs ...