PT-2018-15033 · Ufraw+3 · Ufraw-Batch+3

Josef Ridky

Published

2018-06-06

Updated

2024-11-08

CVE-2018-19655

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions dcraw versions through 9.28 ufraw-batch (affected versions not specified)

Description A stack-based buffer overflow in the find green() function may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

Recommendations For dcraw versions through 9.28, update to a version that fixes the issue in the find green() function. For ufraw-batch, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2018-1857

CVE-2018-19655

MGASA-2020-0157

OESA-2024-2363

OESA-2024-2364

OESA-2024-2365

OESA-2024-2366

OPENSUSE-SU-2022_1277-1

OPENSUSE-SU-2024:10712-1

OPENSUSE-SU-2024:11480-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Affected Products

Alt Linux

Suse

Dcraw

Ufraw-Batch

PT-2018-15033 · Ufraw+3 · Ufraw-Batch+3

CVE-2018-19655

Weakness Enumeration

Related Identifiers

Affected Products

References · 55