Alextutubalin

#8452de 53,633
32.5CVSS total
Vulnerabilidades · 4
Alta
3
Crítica
1
PT-2018-3969
7.8
2018-06-08
Libraw · Libraw · CVE-2018-5815
**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.12 **Description** The issue is related to an integer overflow error within the `parse qt()` function in the internal/dcraw common.cpp component of the LibRaw image processing library. This error can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For versions prior to 0.18.12, update to version 0.18.12 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `parse qt()` function until a patch is available.
PT-2018-3832
7.1
2018-05-10
Libraw · Libraw · CVE-2018-5813
**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.11 **Description** The issue is related to an error in the `parse minolta()` function within the dcraw/dcraw.c component of the LibRaw image processing library. This error can be exploited by a remote attacker using a specially crafted file to trigger an infinite loop, leading to a denial of service. **Recommendations** For versions prior to 0.18.11, update to version 0.18.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `parse minolta()` function in the dcraw/dcraw.c component until a patch is available.
PT-2017-17395
9.8
2017-03-13
Libraw · Libraw · CVE-2017-6886
**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.2 **Description** The issue is related to an error within the `parse tiff ifd()` function, located in internal/dcraw common.cpp, which can be exploited to corrupt memory. **Recommendations** For versions prior to 0.18.2, update to version 0.18.2 or later to resolve the issue.
PT-2017-17396
7.8
2017-03-13
Libraw · Libraw · CVE-2017-6887
**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.2 **Description** A boundary error within the `parse tiff ifd()` function can be exploited to cause memory corruption via a specially crafted file, such as a KDC file with the model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. **Recommendations** For versions prior to 0.18.2, update to version 0.18.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `parse tiff ifd()` function until a patch is available.