Search CVE reports


Toggle filters

11 – 20 of 55 results


CVE-2020-24890

Medium priority
Not affected

** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected
dcraw Not affected Not affected Not affected
exactimage Not affected Not affected Not affected
kodi Not affected Not affected Not affected
libraw Not affected Not affected Not affected
rawtherapee Not affected Not affected Not affected
ufraw Not in release Not affected Not affected
xbmc Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2020-24889

Medium priority
Not affected

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected
dcraw Not affected Not affected Not affected
exactimage Not affected Not affected Not affected
kodi Not affected Not affected Not affected
libraw Not affected Not affected Not affected
rawtherapee Not affected Not affected Not affected
ufraw Not in release Not affected Not affected
xbmc Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2020-15503

Low priority

Some fixes available 2 of 74

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2020-15365

Medium priority
Needs evaluation

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-5819

Low priority

Some fixes available 3 of 82

An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-5818

Low priority

Some fixes available 3 of 82

An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-5817

Low priority

Some fixes available 3 of 82

A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-20365

Low priority

Some fixes available 3 of 82

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-20364

Low priority

Some fixes available 3 of 82

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2018-20363

Low priority

Some fixes available 3 of 82

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Fixed Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages