CVE-2021-3624

Published: 18/04/2022 | Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector (CVSS v2): AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.

Vulnerable Product

dcraw project dcraw 9.28-2

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #984761 dcraw: CVE-2021-3624: buffer-overflow caused by integer-overflow in foveon_load_camf(). Package: dcraw; Maintainer for dcraw is Debian Astronomy Team <debian-astro-maintainers@lists.alioth.debian.org>; Source for dcraw is src:dcraw (PTS, buildd, popcon). Reported by: Wooseok Kang <kangwoosuk ...

There is a flaw in dcraw. An attacker who is able to convince a victim to open a crafted file with dcraw could trigger an unsigned integer wraparound, leading to out-of-bounds write. The greatest impact from this flaw is to system availability, data integrity, and data confidentiality ...

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. The vulnerability resides in the foveon_load_camf() function in dcraw.c ...