PT-2018-3826 · Libraw+3 · Libraw+3
Alexutubalin
·
Publicado
2018-04-24
·
Atualizado
2022-01-29
·
CVE-2018-5810
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LibRaw versions prior to 0.18.9
Description
The issue is related to an error within the
rollei load raw() function in the internal/dcraw common.cpp component of LibRaw, which can cause a heap-based buffer overflow. This can lead to a crash and potentially allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.Recommendations
For versions prior to 0.18.9, update to version 0.18.9 or later to resolve the issue.
As a temporary workaround, consider disabling the
rollei load raw() function until a patch is available.Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Libraw
Suse
Ubuntu