Search CVE reports
51 – 59 of 59 results
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.
1 affected package
libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libraw | — | — | — | — |
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.
1 affected package
libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libraw | — | — | — | — |
Some fixes available 1 of 89
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
8 affected packages
kodi, darktable, xbmc, exactimage, rawtherapee...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kodi | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
| darktable | Not affected | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Not affected | Not affected | Not affected | Not affected |
| libraw | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
Some fixes available 1 of 109
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
8 affected packages
darktable, kodi, xbmc, dcraw, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| dcraw | Not affected | Not affected | Not affected | Vulnerable |
| libraw | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 2 of 53
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
10 affected packages
darktable, rawstudio, libraw, dcraw, freeimage...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| rawstudio | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected |
| dcraw | Not affected | Not affected | Not affected | Not affected |
| freeimage | Not affected | Not affected | Not affected | Not affected |
| kodi | Needs evaluation | Not affected | Not affected | Not affected |
| exactimage | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 32
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | Not affected |
| libkdcraw | — | — | — | Not in release |
| libraw | — | — | — | Fixed |
Some fixes available 40 of 108
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a...
9 affected packages
darktable, libraw, rawtherapee, dcraw, exactimage...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| libraw | Fixed | Fixed | Fixed | Fixed |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Not affected | Not affected | Not affected | Vulnerable |
| exactimage | Not affected | Not affected | Not affected | Not affected |
| libkdcraw | Not in release | Not in release | Not in release | Not in release |
| rawstudio | Not in release | Not in release | Not in release | Not in release |
| ufraw | Not in release | Not in release | Not in release | Fixed |
| xmbc | Not in release | Not in release | Not in release | Not in release |
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | — |
| libkdcraw | — | — | — | — |
| libraw | — | — | — | — |
Some fixes available 22 of 29
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code...
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | — |
| libkdcraw | — | — | — | — |
| libraw | — | — | — | — |