
Advisory ROSA-SA-2021-1821

2021-07-02 16:37:23
ROSA LAB
abf.rosalinux.ru

CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

CVSS3: 7.1 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

AI Score: 7.4 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 29.4%)

Software: dcraw 9.19
OS: Cobalt 7.9

CVE-ID: CVE-2018-19565
CVE-Crit: HIGH
CVE-DESC: A buffer over-read in crop_masked_pixels in dcraw before 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or to leak private information.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19566
CVE-Crit: HIGH
CVE-DESC: A heap buffer over-read in parse_tiff_ifd in dcraw before 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or to leak private information.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19567
CVE-Crit: MEDIUM
CVE-DESC: A floating point exception in parse_tiff_ifd in dcraw before 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19568
CVE-Crit: MEDIUM
CVE-DESC: A floating point exception in kodak_radc_load_raw in dcraw before 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
CVE-STATUS: default
CVE-REV: default

OS | OS Version | Architecture | Package | Package Version | Filename
Cobalt | any | noarch | dcraw | < 9.19 | UNKNOWN
