PT-2018-3952 · Libraw+4 · Libraw+4

Laurent Delosieres

Published

2018-02-24

Updated

2024-06-15

CVE-2018-5805

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.18.8

Description The issue is related to a boundary error within the quicktake 100 load raw() function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a stack-based buffer overflow, causing a crash. Additionally, it may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the quicktake 100 load raw() function until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2018-1291

BDU:2023-07715

CESA-2018_3065

CVE-2018-5805

DLA-2903-1

MGASA-2022-0160

OPENSUSE-SU-2018_4299-1

OPENSUSE-SU-2022_1277-1

OPENSUSE-SU-2024:11997-1

RHSA-2018:3065

RHSA-2018_3065

SUSE-SU-2019:0002-1

SUSE-SU-2019_0002-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Affected Products

Alt Linux

Centos

Libraw

Red Hat

Suse

PT-2018-3952 · Libraw+4 · Libraw+4

CVE-2018-5805

Weakness Enumeration

Related Identifiers

Affected Products

References · 54