ID CVE-2018-5818
Summary An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
References
Vulnerable Configurations
  • cpe:2.3:a:libraw:libraw:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.13.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.14.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.16.1:-:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.16.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.12:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.18.13:*:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:libraw:libraw:0.19.0:beta6:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • LibRaw-0:0.19.2-1.el7
  • LibRaw-debuginfo-0:0.19.2-1.el7
  • LibRaw-devel-0:0.19.2-1.el7
  • LibRaw-static-0:0.19.2-1.el7
  • accountsservice-0:0.6.50-5.el7
  • accountsservice-debuginfo-0:0.6.50-5.el7
  • accountsservice-devel-0:0.6.50-5.el7
  • accountsservice-libs-0:0.6.50-5.el7
  • cairo-0:1.15.12-4.el7
  • cairo-debuginfo-0:1.15.12-4.el7
  • cairo-devel-0:1.15.12-4.el7
  • cairo-gobject-0:1.15.12-4.el7
  • cairo-gobject-devel-0:1.15.12-4.el7
  • cairo-tools-0:1.15.12-4.el7
  • desktop-file-utils-0:0.23-2.el7
  • desktop-file-utils-debuginfo-0:0.23-2.el7
  • finch-0:2.10.11-8.el7
  • finch-devel-0:2.10.11-8.el7
  • glib2-0:2.56.1-5.el7
  • glib2-debuginfo-0:2.56.1-5.el7
  • glib2-devel-0:2.56.1-5.el7
  • glib2-doc-0:2.56.1-5.el7
  • glib2-fam-0:2.56.1-5.el7
  • glib2-static-0:2.56.1-5.el7
  • glib2-tests-0:2.56.1-5.el7
  • gnome-boxes-0:3.28.5-4.el7
  • gnome-boxes-debuginfo-0:3.28.5-4.el7
  • gnome-classic-session-0:3.28.1-7.el7
  • gnome-documents-0:3.28.2-2.el7
  • gnome-documents-debuginfo-0:3.28.2-2.el7
  • gnome-documents-libs-0:3.28.2-2.el7
  • gnome-initial-setup-0:3.28.0-2.el7
  • gnome-initial-setup-debuginfo-0:3.28.0-2.el7
  • gnome-session-0:3.28.1-7.el7
  • gnome-session-custom-session-0:3.28.1-7.el7
  • gnome-session-debuginfo-0:3.28.1-7.el7
  • gnome-session-wayland-session-0:3.28.1-7.el7
  • gnome-session-xsession-0:3.28.1-7.el7
  • gnome-settings-daemon-0:3.28.1-4.el7
  • gnome-settings-daemon-debuginfo-0:3.28.1-4.el7
  • gnome-settings-daemon-devel-0:3.28.1-4.el7
  • gnome-shell-0:3.28.3-11.el7
  • gnome-shell-debuginfo-0:3.28.3-11.el7
  • gnome-shell-extension-alternate-tab-0:3.28.1-7.el7
  • gnome-shell-extension-apps-menu-0:3.28.1-7.el7
  • gnome-shell-extension-auto-move-windows-0:3.28.1-7.el7
  • gnome-shell-extension-common-0:3.28.1-7.el7
  • gnome-shell-extension-dash-to-dock-0:3.28.1-7.el7
  • gnome-shell-extension-drive-menu-0:3.28.1-7.el7
  • gnome-shell-extension-launch-new-instance-0:3.28.1-7.el7
  • gnome-shell-extension-native-window-placement-0:3.28.1-7.el7
  • gnome-shell-extension-no-hot-corner-0:3.28.1-7.el7
  • gnome-shell-extension-panel-favorites-0:3.28.1-7.el7
  • gnome-shell-extension-places-menu-0:3.28.1-7.el7
  • gnome-shell-extension-screenshot-window-sizer-0:3.28.1-7.el7
  • gnome-shell-extension-systemMonitor-0:3.28.1-7.el7
  • gnome-shell-extension-top-icons-0:3.28.1-7.el7
  • gnome-shell-extension-updates-dialog-0:3.28.1-7.el7
  • gnome-shell-extension-user-theme-0:3.28.1-7.el7
  • gnome-shell-extension-window-list-0:3.28.1-7.el7
  • gnome-shell-extension-windowsNavigator-0:3.28.1-7.el7
  • gnome-shell-extension-workspace-indicator-0:3.28.1-7.el7
  • libgnomekbd-0:3.26.0-3.el7
  • libgnomekbd-debuginfo-0:3.26.0-3.el7
  • libgnomekbd-devel-0:3.26.0-3.el7
  • libkdcraw-0:4.10.5-7.el7
  • libkdcraw-debuginfo-0:4.10.5-7.el7
  • libkdcraw-devel-0:4.10.5-7.el7
  • libpurple-0:2.10.11-8.el7
  • libpurple-devel-0:2.10.11-8.el7
  • libpurple-perl-0:2.10.11-8.el7
  • libpurple-tcl-0:2.10.11-8.el7
  • mutter-0:3.28.3-10.el7
  • mutter-debuginfo-0:3.28.3-10.el7
  • mutter-devel-0:3.28.3-10.el7
  • nautilus-0:3.26.3.1-6.el7
  • nautilus-debuginfo-0:3.26.3.1-6.el7
  • nautilus-devel-0:3.26.3.1-6.el7
  • nautilus-extensions-0:3.26.3.1-6.el7
  • pango-0:1.42.4-3.el7
  • pango-debuginfo-0:1.42.4-3.el7
  • pango-devel-0:1.42.4-3.el7
  • pango-tests-0:1.42.4-3.el7
  • pidgin-0:2.10.11-8.el7
  • pidgin-debuginfo-0:2.10.11-8.el7
  • pidgin-devel-0:2.10.11-8.el7
  • pidgin-perl-0:2.10.11-8.el7
  • plymouth-0:0.8.9-0.32.20140113.el7
  • plymouth-core-libs-0:0.8.9-0.32.20140113.el7
  • plymouth-debuginfo-0:0.8.9-0.32.20140113.el7
  • plymouth-devel-0:0.8.9-0.32.20140113.el7
  • plymouth-graphics-libs-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-fade-throbber-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-label-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-script-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-space-flares-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-throbgress-0:0.8.9-0.32.20140113.el7
  • plymouth-plugin-two-step-0:0.8.9-0.32.20140113.el7
  • plymouth-scripts-0:0.8.9-0.32.20140113.el7
  • plymouth-system-theme-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-charge-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-fade-in-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-script-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-solar-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-spinfinity-0:0.8.9-0.32.20140113.el7
  • plymouth-theme-spinner-0:0.8.9-0.32.20140113.el7
  • shotwell-0:0.28.4-2.el7
  • shotwell-debuginfo-0:0.28.4-2.el7
  • xchat-1:2.8.8-24.el7
  • xchat-debuginfo-1:2.8.8-24.el7
  • xchat-tcl-1:2.8.8-24.el7
refmap via4
misc
mlist [debian-lts-announce] 20190328 [SECURITY] [DLA 1734-1] libraw security update
ubuntu USN-3989-1
Last major update 24-08-2020 - 17:37
Published 20-02-2019 - 18:29
Last modified 24-08-2020 - 17:37