PT-2018-3952 · Libraw+4 · Libraw+4

Laurent Delosieres

Publicado

2018-02-24

Atualizado

2024-06-15

CVE-2018-5805

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.18.8

Description The issue is related to a boundary error within the quicktake 100 load raw() function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a stack-based buffer overflow, causing a crash. Additionally, it may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the quicktake 100 load raw() function until a patch is available.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2018-1291

BDU:2023-07715

CESA-2018_3065

CVE-2018-5805

DLA-2903-1

MGASA-2022-0160

OPENSUSE-SU-2018_4299-1

OPENSUSE-SU-2022_1277-1

OPENSUSE-SU-2024:11997-1

RHSA-2018:3065

RHSA-2018_3065

SUSE-SU-2019:0002-1

SUSE-SU-2019_0002-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Produtos afetados

Alt Linux

Centos

Libraw

Red Hat

Suse

PT-2018-3952 · Libraw+4 · Libraw+4

CVE-2018-5805

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54