CVE-2017-14608 — Out-of-bounds Read in Libraw

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

9.1CRITICALNVD

EPSS

0.3%

top 45.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw

Timeline

PublishedSep 20

Latest updateMay 17

Description

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶debiandebian/libraw< libraw 0.18.5-1 (bookworm)

▶Debianlibraw/libraw< 0.18.5-1+3

▶NVDlibraw/libraw0.18.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfpv-jgj6-hw2h: In LibRaw through 0↗2022-05-17

▶

OSV

CVE-2017-14608: In LibRaw through 0↗2017-09-20

▶

📋Vendor Advisories

Ubuntu

LibRaw vulnerabilities↗2017-11-22

▶

Red Hat

libraw: Out-of-bounds read in the kodak_65000_load_raw function↗2017-09-13

▶

Debian

CVE-2017-14608: libraw - In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load...↗2017

▶

💬Community

Bugzilla

CVE-2017-14265 CVE-2017-14608 mingw-LibRaw: various flaws [fedora-all]↗2017-10-09

▶

Bugzilla

CVE-2017-14608 libraw: Out-of-bounds read in the kodak_65000_load_raw function↗2017-10-09

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 LibRaw: various flaws [epel-6]↗2017-09-22

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 dcraw: various flaws [fedora-all]↗2017-09-15

▶