6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
Libraw.so is vulnerable to denial of service. An error in the parse_minolta()
function in dcraw/dcraw.c
allows an attacker to cause a denial of service condition in the process via an infinite loop using a specially crafted file.
github.com/LibRaw/LibRaw/blob/master/Changelog.txt
github.com/LibRaw/LibRaw/commit/8260dcf3db045923a5ca5c05170f9bc7a4bd971a
github.com/LibRaw/LibRaw/commit/e47384546b43d0fd536e933249047bc397a4d88b
secuniaresearch.flexerasoftware.com/advisories/83050/
secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
usn.ubuntu.com/3838-1/
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C