Search CVE reports

41 – 50 of 55 results

Detailed view

Sort by:

CVE-2017-14608

Medium priority

Some fixes available 4 of 90

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-14348

Medium priority

Some fixes available 3 of 89

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-14265

Medium priority

Some fixes available 4 of 90

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-13735

Medium priority

Some fixes available 4 of 64

There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Not affected	Not affected	Not affected	Not affected	Not affected
dcraw	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Not affected	Not affected	Not affected	Vulnerable
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawtherapee	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ufraw	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-6887

Low priority

Some fixes available 3 of 103

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100"...

12 affected packages

darktable, dcraw, exactimage, flphoto, freeimage...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
flphoto	Not in release	Not in release	Not in release	Not in release	Not in release
freeimage	Not affected	Not affected	Not affected	Not affected	Not affected
graphicsmagick	Not affected	Not affected	Not affected	Not affected	Not affected
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawstudio	Not in release	Not in release	Not in release	Not in release	Not in release
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-6886

Low priority

Some fixes available 3 of 103

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

12 affected packages

darktable, dcraw, exactimage, flphoto, freeimage...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
flphoto	Not in release	Not in release	Not in release	Not in release	Not in release
freeimage	Not affected	Not affected	Not affected	Not affected	Not affected
graphicsmagick	Not affected	Not affected	Not affected	Not affected	Not affected
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Not affected	Not affected	Fixed
rawstudio	Not in release	Not in release	Not in release	Not in release	Not in release
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2017-6890

Medium priority

Not affected

A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

1 affected packages

libraw

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libraw	—	—	—	—	Not affected

CVE-2017-6889

Medium priority

Not affected

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

1 affected packages

libraw

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libraw	—	—	—	—	Not affected

CVE-2015-8367

Low priority

Some fixes available 1 of 83

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Not affected	Not affected	Not affected	Not affected	Not affected
dcraw	Not affected	Not affected	Not affected	Not affected	Not affected
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libraw	Not affected	Not affected	Not affected	Not affected	Not affected
rawtherapee	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ufraw	Not in release	Not in release	Not in release	Not affected	Not affected
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2015-8366

Low priority

Some fixes available 1 of 101

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
dcraw	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
kodi	Needs evaluation	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libraw	Not affected	Not affected	Not affected	Not affected	Not affected
rawtherapee	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ufraw	Not in release	Not in release	Not in release	Not affected	Vulnerable
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: