CVE-2017-16909 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libraw

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 31.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw Canonical Ubuntu Linux

Timeline

PublishedDec 7

Latest updateMay 14

Description

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlibraw/libraw< 0.18.6

▶debiandebian/libraw< libraw 0.18.6-1 (bookworm)

▶Debianlibraw/libraw< 0.18.6-1+3

▶CVEListV5libraw/librawPrior to 0.18.6

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g6m7-c354-x2mp: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common↗2022-05-14

▶

OSV

CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common↗2018-12-07

▶

📋Vendor Advisories

Ubuntu

LibRaw vulnerabilities↗2018-04-03

▶

Red Hat

libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function↗2017-12-08

▶

Debian

CVE-2017-16909: libraw - An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cp...↗2017

▶

💬Community

Bugzilla

CVE-2017-16909 libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function↗2017-12-12

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 LibRaw: various flaws [epel-6]↗2017-09-22

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 dcraw: various flaws [fedora-all]↗2017-09-15

▶