CVE-2015-8367

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Libraw versions prior to 0.17.1

Description The issue is related to memory object initialization in the phase one correct function, which can cause memory errors and potentially allow attackers to execute arbitrary code.

Recommendations For versions prior to 0.17.1, update to version 0.17.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the phase one correct function until a patch is available.

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

ALT-PU-2015-2049

CVE-2015-8367

MGASA-2015-0469

OPENSUSE-SU-2024:10156-1

SUSE-SU-2017:2300-1

SUSE-SU-2025:1380-1

USN-3492-1

Affected Products

Alt Linux

Libraw

Suse

Ubuntu

CVE-2015-8367

Weakness Enumeration

Related Identifiers

Affected Products

References · 65