6.5
CVSSv3

CVE-2023-1729

Published: 15/05/2023 Updated: 22/12/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

Vulnerable Product

libraw libraw

fedoraproject fedora 37

fedoraproject fedora 38

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian Bug report logs - #1036281 libraw: CVE-2023-1729. Package: src:libraw; Maintainer for src:libraw is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Affects: darktable; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:24:01 UTC; Severity: grave; Tags: security, ...
Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed. For the stable distribution (bullseye), these problems have been fixed in version 0.20.2-1+deb11u1. We recommend th ...
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file (CVE-2020-35533). A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to application crash (CVE-2023-1729) ...