7 matches found
CVE-2021-3624
The CVE-2021-3624 issue is confirmed in connected sources as an integer overflow in dcraw that allows arbitrary code execution when processing crafted X3F images. Amazon Linux 2 advisories ALAS2-2025-3017 and ALAS2-2025-3016 link this to dcraw (and LibRaw) and specify patched packages: dcraw 9.19...
CVE-2015-3885
CVE-2015-3885 affects dcraw/LibRaw: an integer overflow in ljpeg_start (len) causes DoS via a crafted image. Documented in multiple advisories (Ubuntu USN-3492-1; SUSE/SLES updates; Red Hat dcraw advisories). Affected components include dcraw and LibRaw; remediation typically via vendor security upda...
CVE-2018-19655
CVE-2018-19655 is a stack-based overflow in the find_green() function of dcraw (up to version 9.28) that can be triggered by a malicious raw image and may allow remote control-flow hijack, DoS, or other impact when dcraw is used by apps such as ufraw-batch. Connected sources corroborate the flaw ...
CVE-2018-19568
The CVE-2018-19568 issue affects the dcraw code (kodak_radc_load_raw) used by applications bundling dcraw; a floating point exception could crash the host app when fed malicious files. Public details in connected docs confirm the vulnerability is in dcraw up through version 9.28 and that openSUSE...
CVE-2018-19565
CVE-2018-19565 is a vulnerability in LibRaw/dcraw (up to dcraw 9.28) caused by a buffer over-read in crop_masked_pixels, which can allow a crafted image to crash the host application that bundles the dcraw code or leak private information. The connected documents (Red Hat, openSUSE, SUSE security...
CVE-2018-19567
CVE-2018-19567 stems from a floating point exception in parse_tiff_ifd within dcraw up to version 9.28. The issue could be triggered by processing malicious TIFFs in environments that bundle dcraw code, potentially crashing the host application that uses these components. The connected documents ...
CVE-2018-19566
CVE-2018-19566 is a heap buffer over-read in parse_tiff_ifd in the dcraw code (up to version 9.28). Exploitation could crash the host application or leak private information when processing malicious TIFF files. Connected sources indicate fixes in dcraw-9.28.0-2.1 (openSUSE), but no vendor-specif...