USN-3838-1: LibRaw vulnerabilities

🗓️ 06 Dec 2018 02:25:05Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 69 Views

LibRaw vulnerability in Ubuntu 18.04 ESM, 16.04 ESM, and 14.04 ES

Reporter	Title	Published	Views	Family All 140
BDU FSTEC	The vulnerability of the Nikon_coolscan_load_raw() function in the internal/dcraw_common.cpp component of the LibRaw image processing library, which allows a hacker to trigger a service failure.	23 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the rollei_load_raw() function in the internal/dcraw_common.cpp component of the LibRaw image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.	23 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to trigger a service failure.	23 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the dcraw/dcraw.c component of the LibRaw image processing library, which allows a hacker to cause a service failure.	28 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.	28 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component of the LibRaw image processing library, which involves reading data beyond the permissible buffer limits, allows an attacker to access confidential data, compromise its integrity, and cause service failures.	28 Sep 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to trigger a service failure.	14 Nov 202300:00	–	bdu_fstec
CNVD	LibRaw 'rollei_load_raw()' function heap buffer overflow vulnerability	26 Oct 201800:00	–	cnvd
CNVD	LibRaw 'parse_minolta()' function denial of service vulnerability	26 Oct 201800:00	–	cnvd
CNVD	LibRaw 'parse_qt()' function integer overflow vulnerability	10 Dec 201800:00	–	cnvd

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	amd64	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_amd64.deb
Ubuntu	14.04	arm64	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_arm64.deb
Ubuntu	14.04	armhf	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_armhf.deb
Ubuntu	14.04	i386	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_i386.deb
Ubuntu	14.04	powerpc	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_powerpc.deb
Ubuntu	14.04	ppc64el	libraw-bin	0.15.4-1ubuntu0.3	libraw-bin_0.15.4-1ubuntu0.3_ppc64el.deb
Ubuntu	16.04	any	libraw-bin	0.17.1-1ubuntu0.4	libraw-bin_0.17.1-1ubuntu0.4_any.deb
Ubuntu	18.04	any	libraw-bin	0.18.8-1ubuntu0.2	libraw-bin_0.18.8-1ubuntu0.2_any.deb
Ubuntu	14.04	amd64	libraw-bin-dbgsym	0.15.4-1ubuntu0.3	libraw-bin-dbgsym_0.15.4-1ubuntu0.3_amd64.deb
Ubuntu	14.04	arm64	libraw-bin-dbgsym	0.15.4-1ubuntu0.3	libraw-bin-dbgsym_0.15.4-1ubuntu0.3_arm64.deb

06 Dec 2018 02:25Current

6.8Medium risk

Vulners AI Score6.8

CVSS 27.1

CVSS 38.8

CVSS 3.16.5

EPSS0.02194

libraw ubuntu photo files remote attacker denial of service arbitrary code