Dcraw Project / Dcraw

7 matches found

CVE
added 2022/04/18 4:20 p.m. | 123 views

CVE-2021-3624

The CVE-2021-3624 issue is confirmed in connected sources as an integer overflow in dcraw that allows arbitrary code execution when processing crafted X3F images. Amazon Linux 2 advisories ALAS2-2025-3017 and ALAS2-2025-3016 link this to dcraw (and LibRaw) and specify patched packages: dcraw 9.19...

9.3 CVSS | 7.8 AI score | 0.00847 EPSS

CVE
added 2015/05/19 6:0 p.m. | 96 views

CVE-2015-3885

CVE-2015-3885 affects dcraw/libraw: integer overflow in ljpeg_start (len) causing DoS via crafted image. Documented in multiple advisories (Ubuntu USN-3492-1; SUSE/SLES updates; Red Hat dcraw advisories). Affected components include dcraw and LibRaw; remediation typically via vendor security upda...

4.3 CVSS | 6.3 AI score | 0.05434 EPSS

CVE
added 2018/11/29 5:0 a.m. | 83 views

CVE-2018-19655

CVE-2018-19655 is a stack-based overflow in the find_green() function of dcraw (up to version 9.28) that can be triggered by a malicious raw image and may allow remote control-flow hijack, DoS, or other impact when dcraw is used by apps such as ufraw-batch. Connected sources corroborate the flaw ...

8.8 CVSS | 8.1 AI score | 0.02855 EPSS

CVE
added 2018/11/26 8:0 p.m. | 78 views

CVE-2018-19568

The CVE-2018-19568 issue affects the dcraw code (kodak_radc_load_raw) used by applications bundling dcraw; a floating point exception could crash the host app when fed malicious files. Public details in connected docs confirm the vulnerability is in dcraw up through version 9.28 and that openSUSE...

5.5 CVSS | 6.1 AI score | 0.00925 EPSS

CVE
added 2018/11/26 8:0 p.m. | 76 views

CVE-2018-19565

CVE-2018-19565 is a vulnerability in LibRaw/dcraw (up to dcraw 9.28) caused by a buffer over-read in crop_masked_pixels, which can allow a crafted image to crash the host application that bundles the dcraw code or leak private information. The connected documents (Red Hat, openSUSE, SUSE security...

7.1 CVSS | 7.2 AI score | 0.01075 EPSS

CVE
added 2018/11/26 8:0 p.m. | 72 views

CVE-2018-19567

CVE-2018-19567 stems from a floating point exception in parse_tiff_ifd within dcraw up to version 9.28. The issue could be triggered by processing malicious TIFFs in environments that bundle dcraw code, potentially crashing the host application that uses these components. The connected documents ...

5.5 CVSS | 6.1 AI score | 0.00925 EPSS

CVE
added 2018/11/26 8:0 p.m. | 69 views

CVE-2018-19566

CVE-2018-19566 is a heap buffer over-read in parse_tiff_ifd in the dcraw code (up to version 9.28). Exploitation could crash the host application or leak private information when processing malicious TIFF files. Connected sources indicate fixes in dcraw-9.28.0-2.1 (openSUSE), but no vendor-specif...

7.1 CVSS | 7.2 AI score | 0.01075 EPSS