CVE-2017-14348 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libraw

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow14 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 38.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw

Timeline

PublishedSep 12

Latest updateMay 17

Description

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/libraw< libraw 0.18.5-1 (bookworm)

▶Debianlibraw/libraw< 0.18.5-1+3

▶NVDlibraw/libraw0.18.3

🔴Vulnerability Details

GHSA

GHSA-mhmm-m867-5r8p: LibRaw before 0↗2022-05-17

▶

OSV

CVE-2017-14348: LibRaw before 0↗2017-09-12

▶

📋Vendor Advisories

Ubuntu

LibRaw vulnerabilities↗2017-11-22

▶

Red Hat

libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp↗2017-09-13

▶

Debian

CVE-2017-14348: libraw - LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraI...↗2017

▶

💬Community

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 LibRaw: various flaws [epel-6]↗2017-09-22

▶

Bugzilla

CVE-2017-14348 rawtherapee: libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp [fedora-all]↗2017-09-15

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 dcraw: various flaws [fedora-all]↗2017-09-15

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 libkdcraw: various flaws [fedora-all]↗2017-09-15

▶

Bugzilla

CVE-2017-14348 mingw-LibRaw: libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp [fedora-all]↗2017-09-15

▶