PT-2018-15033 · Ufraw+3 · Ufraw-Batch+3

Josef Ridky

Publicado

2018-06-06

Atualizado

2024-11-08

CVE-2018-19655

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions dcraw versions through 9.28 ufraw-batch (affected versions not specified)

Description A stack-based buffer overflow in the find green() function may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

Recommendations For dcraw versions through 9.28, update to a version that fixes the issue in the find green() function. For ufraw-batch, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2018-1857

CVE-2018-19655

MGASA-2020-0157

OESA-2024-2363

OESA-2024-2364

OESA-2024-2365

OESA-2024-2366

OPENSUSE-SU-2022_1277-1

OPENSUSE-SU-2024:10712-1

OPENSUSE-SU-2024:11480-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Produtos afetados

Alt Linux

Suse

Dcraw

Ufraw-Batch

PT-2018-15033 · Ufraw+3 · Ufraw-Batch+3

CVE-2018-19655

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 55