Name of the Vulnerable Software and Affected Versions rawspeed (affected versions not specified)

Description The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the parseWhiteBalance function within DngDecoder, which is part of the rawspeed library. This function is called by decodeMetaDataInternal in DngDecoder and further by decodeMetaData in RawDecoder. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.