Denial Of Service (DoS)

2019-01-1100:35:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

libraw.so is vulnerable to denial of service. An infinite loop in the function parse_sinar_ia in internal/dcraw_common.cpp allows an attacker to cause a denial of service condition in the process.

CPENameOperatorVersion
libraw.soeq5.0.0
desktop-file-utilseq0.23__1.el7
gnome-shelleq3.26.2__5.el7
gnome-shelleq3.28.3__6.el7
gnome-shelleq3.22.3__18.el7_4
libgnomekbdeq3.26.0__1.el7
nautiluseq3.26.3.1__2.el7
libkdcraweq4.10.5__5.el7
gnome-sessioneq3.26.1__11.el7
gnome-sessioneq3.28.1__6.el7

Name	Operator	Version
libraw.so	eq	5.0.0
desktop-file-utils	eq	0.23__1.el7
gnome-shell	eq	3.26.2__5.el7
gnome-shell	eq	3.28.3__6.el7
gnome-shell	eq	3.22.3__18.el7_4
libgnomekbd	eq	3.26.0__1.el7
nautilus	eq	3.26.3.1__2.el7
libkdcraw	eq	4.10.5__5.el7
gnome-session	eq	3.26.1__11.el7
gnome-session	eq	3.28.1__6.el7