ID CVE-2018-20337
Summary There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
References
Vulnerable Configurations
  • cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • LibRaw-0:0.19.5-1.el8
  • LibRaw-debuginfo-0:0.19.5-1.el8
  • LibRaw-debugsource-0:0.19.5-1.el8
  • LibRaw-devel-0:0.19.5-1.el8
  • LibRaw-samples-debuginfo-0:0.19.5-1.el8
  • accountsservice-0:0.6.50-8.el8
  • accountsservice-debuginfo-0:0.6.50-8.el8
  • accountsservice-debugsource-0:0.6.50-8.el8
  • accountsservice-devel-0:0.6.50-8.el8
  • accountsservice-libs-0:0.6.50-8.el8
  • accountsservice-libs-debuginfo-0:0.6.50-8.el8
  • appstream-data-0:8-20191129.el8
  • baobab-0:3.28.0-4.el8
  • baobab-debuginfo-0:3.28.0-4.el8
  • baobab-debugsource-0:3.28.0-4.el8
  • clutter-0:1.26.2-8.el8
  • clutter-debuginfo-0:1.26.2-8.el8
  • clutter-debugsource-0:1.26.2-8.el8
  • clutter-devel-0:1.26.2-8.el8
  • clutter-doc-0:1.26.2-8.el8
  • clutter-tests-debuginfo-0:1.26.2-8.el8
  • evince-0:3.28.4-4.el8
  • evince-browser-plugin-0:3.28.4-4.el8
  • evince-browser-plugin-debuginfo-0:3.28.4-4.el8
  • evince-debuginfo-0:3.28.4-4.el8
  • evince-debugsource-0:3.28.4-4.el8
  • evince-libs-0:3.28.4-4.el8
  • evince-libs-debuginfo-0:3.28.4-4.el8
  • evince-nautilus-0:3.28.4-4.el8
  • evince-nautilus-debuginfo-0:3.28.4-4.el8
  • gdm-1:3.28.3-29.el8
  • gdm-debuginfo-1:3.28.3-29.el8
  • gdm-debugsource-1:3.28.3-29.el8
  • gjs-0:1.56.2-4.el8
  • gjs-debuginfo-0:1.56.2-4.el8
  • gjs-debugsource-0:1.56.2-4.el8
  • gjs-devel-0:1.56.2-4.el8
  • gjs-tests-debuginfo-0:1.56.2-4.el8
  • gnome-boxes-0:3.28.5-8.el8
  • gnome-boxes-debuginfo-0:3.28.5-8.el8
  • gnome-boxes-debugsource-0:3.28.5-8.el8
  • gnome-control-center-0:3.28.2-19.el8
  • gnome-control-center-debuginfo-0:3.28.2-19.el8
  • gnome-control-center-debugsource-0:3.28.2-19.el8
  • gnome-control-center-filesystem-0:3.28.2-19.el8
  • gnome-menus-0:3.13.3-11.el8
  • gnome-menus-debuginfo-0:3.13.3-11.el8
  • gnome-menus-debugsource-0:3.13.3-11.el8
  • gnome-menus-devel-0:3.13.3-11.el8
  • gnome-online-accounts-0:3.28.2-1.el8
  • gnome-online-accounts-debuginfo-0:3.28.2-1.el8
  • gnome-online-accounts-debugsource-0:3.28.2-1.el8
  • gnome-online-accounts-devel-0:3.28.2-1.el8
  • gnome-remote-desktop-0:0.1.6-8.el8
  • gnome-remote-desktop-debuginfo-0:0.1.6-8.el8
  • gnome-remote-desktop-debugsource-0:0.1.6-8.el8
  • gnome-session-0:3.28.1-8.el8
  • gnome-session-debuginfo-0:3.28.1-8.el8
  • gnome-session-debugsource-0:3.28.1-8.el8
  • gnome-session-wayland-session-0:3.28.1-8.el8
  • gnome-session-xsession-0:3.28.1-8.el8
  • gnome-settings-daemon-0:3.32.0-9.el8
  • gnome-settings-daemon-debuginfo-0:3.32.0-9.el8
  • gnome-settings-daemon-debugsource-0:3.32.0-9.el8
  • gnome-shell-0:3.32.2-14.el8
  • gnome-shell-debuginfo-0:3.32.2-14.el8
  • gnome-shell-debugsource-0:3.32.2-14.el8
  • gnome-software-0:3.30.6-3.el8
  • gnome-software-debuginfo-0:3.30.6-3.el8
  • gnome-software-debugsource-0:3.30.6-3.el8
  • gnome-software-editor-0:3.30.6-3.el8
  • gnome-software-editor-debuginfo-0:3.30.6-3.el8
  • gnome-terminal-0:3.28.3-1.el8
  • gnome-terminal-debuginfo-0:3.28.3-1.el8
  • gnome-terminal-debugsource-0:3.28.3-1.el8
  • gnome-terminal-nautilus-0:3.28.3-1.el8
  • gnome-terminal-nautilus-debuginfo-0:3.28.3-1.el8
  • gnome-tweaks-0:3.28.1-7.el8
  • gsettings-desktop-schemas-0:3.32.0-4.el8
  • gsettings-desktop-schemas-devel-0:3.32.0-4.el8
  • gtk-update-icon-cache-0:3.22.30-5.el8
  • gtk-update-icon-cache-debuginfo-0:3.22.30-5.el8
  • gtk3-0:3.22.30-5.el8
  • gtk3-debuginfo-0:3.22.30-5.el8
  • gtk3-debugsource-0:3.22.30-5.el8
  • gtk3-devel-0:3.22.30-5.el8
  • gtk3-devel-debuginfo-0:3.22.30-5.el8
  • gtk3-immodule-xim-0:3.22.30-5.el8
  • gtk3-immodule-xim-debuginfo-0:3.22.30-5.el8
  • gtk3-immodules-debuginfo-0:3.22.30-5.el8
  • gtk3-tests-debuginfo-0:3.22.30-5.el8
  • gvfs-0:1.36.2-8.el8
  • gvfs-afc-0:1.36.2-8.el8
  • gvfs-afc-debuginfo-0:1.36.2-8.el8
  • gvfs-afp-0:1.36.2-8.el8
  • gvfs-afp-debuginfo-0:1.36.2-8.el8
  • gvfs-archive-0:1.36.2-8.el8
  • gvfs-archive-debuginfo-0:1.36.2-8.el8
  • gvfs-client-0:1.36.2-8.el8
  • gvfs-client-debuginfo-0:1.36.2-8.el8
  • gvfs-debuginfo-0:1.36.2-8.el8
  • gvfs-debugsource-0:1.36.2-8.el8
  • gvfs-devel-0:1.36.2-8.el8
  • gvfs-fuse-0:1.36.2-8.el8
  • gvfs-fuse-debuginfo-0:1.36.2-8.el8
  • gvfs-goa-0:1.36.2-8.el8
  • gvfs-goa-debuginfo-0:1.36.2-8.el8
  • gvfs-gphoto2-0:1.36.2-8.el8
  • gvfs-gphoto2-debuginfo-0:1.36.2-8.el8
  • gvfs-mtp-0:1.36.2-8.el8
  • gvfs-mtp-debuginfo-0:1.36.2-8.el8
  • gvfs-smb-0:1.36.2-8.el8
  • gvfs-smb-debuginfo-0:1.36.2-8.el8
  • libvncserver-0:0.9.11-14.el8
  • libvncserver-debuginfo-0:0.9.11-14.el8
  • libvncserver-debugsource-0:0.9.11-14.el8
  • libvncserver-devel-0:0.9.11-14.el8
  • libxslt-0:1.1.32-4.el8
  • libxslt-debuginfo-0:1.1.32-4.el8
  • libxslt-debugsource-0:1.1.32-4.el8
  • libxslt-devel-0:1.1.32-4.el8
  • mozjs52-0:52.9.0-2.el8
  • mozjs52-debuginfo-0:52.9.0-2.el8
  • mozjs52-debugsource-0:52.9.0-2.el8
  • mozjs52-devel-0:52.9.0-2.el8
  • mozjs52-devel-debuginfo-0:52.9.0-2.el8
  • mozjs60-0:60.9.0-4.el8
  • mozjs60-debuginfo-0:60.9.0-4.el8
  • mozjs60-debugsource-0:60.9.0-4.el8
  • mozjs60-devel-0:60.9.0-4.el8
  • mutter-0:3.32.2-34.el8
  • mutter-debuginfo-0:3.32.2-34.el8
  • mutter-debugsource-0:3.32.2-34.el8
  • mutter-devel-0:3.32.2-34.el8
  • mutter-tests-debuginfo-0:3.32.2-34.el8
  • nautilus-0:3.28.1-12.el8
  • nautilus-debuginfo-0:3.28.1-12.el8
  • nautilus-debugsource-0:3.28.1-12.el8
  • nautilus-devel-0:3.28.1-12.el8
  • nautilus-extensions-0:3.28.1-12.el8
  • nautilus-extensions-debuginfo-0:3.28.1-12.el8
  • vala-0:0.40.19-1.el8
  • vala-debuginfo-0:0.40.19-1.el8
  • vala-debugsource-0:0.40.19-1.el8
  • vala-devel-0:0.40.19-1.el8
  • valadoc-debuginfo-0:0.40.19-1.el8
  • vinagre-0:3.22.0-21.el8
  • vinagre-debuginfo-0:3.22.0-21.el8
  • vinagre-debugsource-0:3.22.0-21.el8
refmap via4
misc https://github.com/LibRaw/LibRaw/issues/192
ubuntu USN-3989-1
Last major update 24-08-2020 - 17:37
Published 21-12-2018 - 09:29
Last modified 24-08-2020 - 17:37