Search CVE reports


Toggle filters

41 – 50 of 55 results


CVE-2017-14608

Medium priority

Some fixes available 4 of 95

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2017-14348

Medium priority

Some fixes available 3 of 94

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2017-14265

Medium priority

Some fixes available 4 of 95

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Fixed
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2017-13735

Medium priority

Some fixes available 4 of 68

There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected Not affected Not affected
dcraw Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Not affected Not affected Not affected Vulnerable
libraw Not affected Not affected Not affected Not affected Fixed
rawtherapee Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
ufraw Not in release Not in release Not in release Vulnerable Vulnerable
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2017-6887

Low priority

Some fixes available 3 of 108

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100"...

12 affected packages

darktable, dcraw, exactimage, flphoto, freeimage...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
flphoto Not in release Not in release Not in release Not in release Not in release
freeimage Not affected Not affected Not affected Not affected Not affected
graphicsmagick Not affected Not affected Not affected Not affected Not affected
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Fixed
rawstudio Not in release Not in release Not in release Not in release Not in release
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Vulnerable Vulnerable
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 12 packages Show less packages

CVE-2017-6886

Low priority

Some fixes available 3 of 108

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

12 affected packages

darktable, dcraw, exactimage, flphoto, freeimage...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
flphoto Not in release Not in release Not in release Not in release Not in release
freeimage Not affected Not affected Not affected Not affected Not affected
graphicsmagick Not affected Not affected Not affected Not affected Not affected
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Fixed
rawstudio Not in release Not in release Not in release Not in release Not in release
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 12 packages Show less packages

CVE-2017-6890

Medium priority
Not affected

A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

1 affected package

libraw

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libraw Not affected
Show less packages

CVE-2017-6889

Medium priority
Not affected

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

1 affected package

libraw

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libraw Not affected
Show less packages

CVE-2015-8367

Low priority

Some fixes available 1 of 86

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected Not affected Not affected
dcraw Not affected Not affected Not affected Not affected Not affected
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Vulnerable Vulnerable Vulnerable Vulnerable
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
ufraw Not in release Not in release Not in release Not affected Not affected
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2015-8366

Low priority

Some fixes available 1 of 105

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
dcraw Not affected Not affected Not affected Vulnerable Vulnerable
exactimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
kodi Needs evaluation Vulnerable Vulnerable Vulnerable Vulnerable
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
ufraw Not in release Not in release Not in release Not affected Vulnerable
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages