PT-2018-3833 · Libraw+5 · Libraw+5
Laurent Delosieres
·
Publicado
2018-01-16
·
Atualizado
2022-01-29
·
CVE-2018-5802
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LibRaw versions prior to 0.18.7
Description
The issue is related to an error in the
kodak radc load raw() function, specifically with the buf variable, which can cause an out-of-bounds read memory access, leading to a crash. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.Recommendations
For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue.
As a temporary workaround, consider disabling the
kodak radc load raw() function until a patch is available.Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Libraw
Red Hat
Suse
Ubuntu