Lucene search

6 matches found

CVE
added 2020/07/02 2:15 p.m., 233 views

CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

7.5 CVSS, 7.4 AI score, 0.0077 EPSS

CVE
added 2020/01/14 4:15 p.m., 90 views

CVE-2015-8367

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

9.8 CVSS, 9.4 AI score, 0.01602 EPSS

CVE
added 2020/01/14 4:15 p.m., 77 views

CVE-2015-8366

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

9.8 CVSS, 9.4 AI score, 0.01277 EPSS

CVE
added 2020/09/16 3:15 p.m., 70 views

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.

5.5 CVSS, 6 AI score, 0.00429 EPSS

CVE
added 2020/09/16 3:15 p.m., 41 views

CVE-2020-24889

A buffer overflow vulnerability in LibRaw version

7.8 CVSS, 7.8 AI score, 0.00931 EPSS

CVE
added 2020/06/28 1:15 p.m., 38 views

CVE-2020-15365

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

6.5 CVSS, 6.5 AI score, 0.00284 EPSS