PT-2018-15011 · Dave Coffin+3 · Dcraw+3

Hanno Böck

Published

2018-06-06

Updated

2022-05-19

CVE-2018-19567

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions dcraw versions through 9.28

Description A floating point exception in the parse tiff ifd function could be used by attackers to crash an application that bundles the dcraw code by supplying malicious files.

Recommendations For dcraw versions through 9.28, consider updating to a version that fixes the issue in the parse tiff ifd function to prevent application crashes due to malicious files.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2018-1857

CVE-2018-19567

MGASA-2022-0160

OPENSUSE-SU-2022_1277-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Affected Products

Alt Linux

Debian

Suse

Dcraw

PT-2018-15011 · Dave Coffin+3 · Dcraw+3

CVE-2018-19567

Weakness Enumeration

Related Identifiers

Affected Products

References · 40