1805 matches found
SUSE CVE-2020-35532
In LibRaw, an out-of-bounds read vulnerability exists within the "simpledecoderow" function libraw\src\x3f\x3futilspatched.cpp which can be triggered via an image with a large rowstride field...
SUSE CVE-2020-35534
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData" function libraw\src\decoders\crx.cpp when processing cr3 files...
SUSE CVE-2020-35535
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF" function libraw\src\metadata\sony.cpp when processing srf files...
OSV-2023-55 Index-out-of-bounds in LibRaw::apply_tiff
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722 Crash type: Index-out-of-bounds Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg LibRaw::identify...
PT-2023-35899 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the involvement of specific functions: apply tiff, parse jpeg, and identify. Recommendations: ...
Vulnerability of components decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, utils/thumb_utils.cpp – libraries for image processing in LibRaw. This allows a hacker to trigger a service failure.
The vulnerabilities in the components decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp of the LibRaw image processing library are related to the lack of checks for thumbnail size ranges. Exploiting these vulnerabilities allows a remote attacker to cause service...
openSUSE 15 Security Update : dcraw (SUSE-SU-2022:1277-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1277-1 advisory. - There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of servic...
Debian: Security Advisory (DLA-3214-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3214 : libraw-bin - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3214 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3214-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3214-1] libraw security update
Debian LTS Advisory DLA-3214-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne November 30, 2022 https://wiki.debian.org/LTS Package : libraw Version : 0.19.2-2+deb10u2 CVE ID : CVE-2020-15503 This update adds size checks to thumbnail extraction. Prior to these...
DLA-3214-1 libraw - security update
Bulletin has no description...
Vulnerability of the new_node() function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library, which allows a hacker to trigger a service failure
The vulnerability of the new_node function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
OSV-2022-1159 Heap-buffer-overflow in LibRaw_buffer_datastream::read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53158 Crash type: Heap-buffer-overflow WRITE Crash state: LibRaw_buffer_datastream::read LibRaw::uncompressed_fp_dng_load_raw LibRaw::unpack...
PT-2022-36757 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to a heap buffer overflow error. Technical details about the error include a crash type of Heap-buffer-overflow WRITE and a crash state involving the LibRaw buffer...
Ubuntu 18.04 LTS / 20.04 LTS : LibRaw vulnerabilities (USN-5715-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5715-1 advisory. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted...
Ubuntu: Security Advisory (USN-5715-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5715-1 libraw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5715-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...
OSV-2022-1141 Heap-buffer-overflow in LibRaw::phase_one_correct
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53039 Crash type: Heap-buffer-overflow READ 4 Crash state: LibRaw::phase_one_correct LibRaw::raw2image_ex LibRaw::dcraw_process...
Out-of-Bounds Read
LibRaw is vulnerable to out-of-bounds reads. The vulnerability is within the LibRaw::parseSonySRF function of sony.cpp when processing srf files, causing an application crash...