CVE-2017-16909

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.18.6

Description The issue is related to the LibRaw::panasonic load raw() function in the dcraw common.cpp component of the LibRaw image processing library. It can be exploited to cause a heap-based buffer overflow, potentially leading to a crash or allowing a remote attacker to access confidential data, compromise its integrity, or cause a denial of service via a specially crafted TIFF image.

Recommendations For versions prior to 0.18.6, update to version 0.18.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the LibRaw::panasonic load raw() function until a patch is available. Restrict access to the dcraw common.cpp component to minimize the risk of exploitation. Avoid using specially crafted TIFF images with the affected library until the issue is resolved.