PT-2021-3480 · Dcraw+2 · Dcraw+2

Wooseok Kang

Published

2021-05-31

Updated

2024-06-15

CVE-2021-3624

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions dcraw (affected versions not specified)

Description The issue is related to an integer overflow vulnerability. It occurs when a maliciously crafted X3F input image is processed, potentially allowing arbitrary code execution on the victim's system. The vulnerability exists due to insufficient input validation in the foveon load camf() function of the dcraw raw converter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-190CWE-787

Related Identifiers

BDU:2021-03491

CVE-2021-3624

MGASA-2022-0160

OPENSUSE-SU-2022_1277-1

OPENSUSE-SU-2024:11997-1

SUSE-SU-2022:1277-1

SUSE-SU-2022:1749-1

Affected Products

Debian

Suse

Dcraw

PT-2021-3480 · Dcraw+2 · Dcraw+2

CVE-2021-3624

Weakness Enumeration

Related Identifiers

Affected Products

References · 44