CVE-2018-5813

CVE-2018-5813 concerns LibRaw’s parse_minolta() in dcraw/dcraw.c. Affected: LibRaw versions prior to 0.18.11. An attacker can exploit this via a crafted file to trigger an infinite loop, as documented in Debian/DLA-2903 and accompanying Red Hat/Nessus references. Debian notes patching in older re...

CVE-2018-5809

LibRaw

CVE-2018-5812

CVE-2018-5812: In LibRaw, an error in nikon_coolscan_load_raw() (internal/dcraw_common.cpp) of LibRaw versions prior to 0.18.9 allows a NULL pointer dereference, potentially crashing the application. Affected is LibRaw pre-0.18.9 (details replicated across CVE lists and Debian/OSV entries). Mitig...

CVE-2018-5802

LibRaw contains an out-of-bounds read vulnerability in the kodak_radc_load_raw() function (internal/dcraw_common.cpp) due to a buf variable issue. This affects LibRaw versions prior to 0.18.7 and can lead to a crash. Remediation: upgrade LibRaw to version 0.18.7 or later (as specified in the CVE ...

CVE-2018-5807

CVE-2018-5807 affects LibRaw (libs for RAW image processing) via the Samsung_load_raw() path in internal/dcraw_common.cpp. Versions prior to 0.18.9 are vulnerable to an out-of-bounds memory read that can crash the application. Public details consistently reference the vulnerable function and vers...

CVE-2018-5804

LibRaw contains a type confusion vulnerability in the identify() function (internal/dcraw_common.cpp) that affects versions prior to 0.18.8. The issue can be exploited to trigger a division by zero, potentially causing a crash or denial of service. Affected software is LibRaw before the 0.18.8 pa...

CVE-2017-16909

CVE-2017-16909 affects LibRaw

CVE-2017-16910

CVE-2017-16910 is associated with LibRaw prior to 0.18.6, where the LibRaw::xtrans_interpolate() function in internal/dcraw_common.cpp can be exploited to cause an invalid read memory access and a Denial of Service. The connected documents confirm this CVE as part of LibRaw exposure and list rela...

CVE-2018-5816

CVE-2018-5816 is an integer overflow in LibRaw’s identify() (internal/dcraw_common.cpp) that can lead to division by zero via specially crafted NOKIARAW files; it is linked to an incomplete fix of CVE-2018-5804. The connected documents indicate LibRaw before 0.18.12 is affected, with remediation ...

CVE-2018-5811

CVE-2018-5811 affects LibRaw before 0.18.9, where the function nikon_coolscan_load_raw() in internal/dcraw_common.cpp can be exploited to cause an out-of-bounds memory read and crash. Concordant sources (Debian DLA-2903/OSV/NVD) describe this as part of a broader LibRaw set of vulnerabilities and...

CVE-2018-5808

CVE-2018-5808 affects LibRaw prior to version 0.18.9, where an issue in the find_green() function (internal/dcraw_common.cpp) can cause a stack-based buffer overflow and potentially allow arbitrary code execution. Public material in connected documents confirms LibRaw as the affected component an...

CVE-2018-5806

CVE-2018-5806 affects LibRaw (dcraw code) prior to 0.18.8, causing a NULL pointer dereference in leaf_hdr_load_raw() within internal/dcraw_common.cpp. Affected projects reference LibRaw/dcraw as the root cause; advisories indicate upgrading to LibRaw 0.18.8+ to remediate. Other related CVEs (e.g....

CVE-2018-5801

CVE-2018-5801 – LibRaw NULL pointer dereference . The provided documents identify LibRaw versions prior to 0.18.7 containing a vulnerability in the LibRaw::unpack() function (src/libraw_cxx.cpp) that can be exploited to trigger a NULL pointer dereference. This condition may allow crashes or denia...

CVE-2018-5801

An error within the "LibRaw::unpack" function src/librawcxx.cpp in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference...

CVE-2018-5815

CVE-2018-5815 affects LibRaw up to version 0.18.11 in the parse_qt() function (internal/dcraw_common.cpp). A specially crafted Apple QuickTime file can trigger an integer overflow that leads to an infinite loop, i.e., potential denial of service. Public details in connected documents confirm the ...

CVE-2018-5807

An error within the "samsungloadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash...

CVE-2018-5800

The vulnerability CVE-2018-5800 targets LibRaw, specifically the LibRaw::kodak_ycbcr_load_raw() function in internal/dcraw_common.cpp. It affects LibRaw versions prior to 0.18.7 and can cause a heap-based buffer overflow, leading to a crash. This is confirmed in the linked vulnerability set (CVE-...

CVE-2018-5810

CVE-2018-5810 is a LibRaw vulnerability affecting the rollei_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9. The issue is a heap-based buffer overflow that can cause a crash when processing certain input. Public detail in connected advisories confirms the vulne...

CVE-2018-5800

An off-by-one error within the "LibRaw::kodakycbcrloadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash...

CVE-2018-5805

A boundary error within the "quicktake100loadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash...