Ufraw · Ufraw-Batch · CVE-2018-19655
**Name of the Vulnerable Software and Affected Versions**
dcraw versions through 9.28
ufraw-batch (affected versions not specified)
**Description**
A stack-based buffer overflow in the find green() function may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
**Recommendations**
For dcraw versions through 9.28, update to a version that fixes the issue in the find green() function.
For ufraw-batch, at the moment, there is no information about a newer version that contains a fix for this vulnerability.