Lucene search

Veracode Vulnerability DatabaseVERACODE:37854

HistoryNov 09, 2022 - 9:13 a.m.

Denial Of Service (DoS)

2022-11-0909:13:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON

libraw.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a NULL pointer dereference in dcraw which allows an attacker to cause an application crash via a crafted photo file.

CPENameOperatorVersion
libraw.soeq5.0.0
libraw_r.soeq5.0.0
libraw.soeq5.0.0
libraw_r.soeq5.0.0

Name	Operator	Version
libraw.so	eq	5.0.0
libraw_r.so	eq	5.0.0
libraw.so	eq	5.0.0
libraw_r.so	eq	5.0.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236

github.com/advisories/GHSA-rcvp-8v7c-m59p

github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad

github.com/LibRaw/LibRaw/commit/9ae25d8c3a6bfb40c582538193264f74c9b93bc0

www.openwall.com/lists/oss-security/2013/08/29/3

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for VERACODE:37854