Veracode Vulnerability DatabaseVERACODE:7994Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
Libraw.so is vulnerable to denial of service. An error in the parse_minolta() function in dcraw/dcraw.c allows an attacker to cause a denial of service condition in the process via an infinite loop using a specially crafted file.
References
github.com/LibRaw/LibRaw/blob/master/Changelog.txt
github.com/LibRaw/LibRaw/commit/8260dcf3db045923a5ca5c05170f9bc7a4bd971a
github.com/LibRaw/LibRaw/commit/e47384546b43d0fd536e933249047bc397a4d88b
secuniaresearch.flexerasoftware.com/advisories/83050/
secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
usn.ubuntu.com/3838-1/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C