CVE-2017-16910 — Out-of-bounds Read in Libraw

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 33.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw Canonical Ubuntu Linux

Timeline

PublishedDec 7

Latest updateMay 14

Description

An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlibraw/libraw< 0.18.6

▶debiandebian/libraw< libraw 0.18.6-1 (bookworm)

▶Debianlibraw/libraw< 0.18.6-1+3

▶CVEListV5libraw/librawPrior to 0.18.6

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v878-x7w4-9pgr: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common↗2022-05-14

▶

OSV

CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common↗2018-12-07

▶

📋Vendor Advisories

Ubuntu

LibRaw vulnerabilities↗2018-04-03

▶

Red Hat

libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function↗2017-12-08

▶

Debian

CVE-2017-16910: libraw - An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_comm...↗2017

▶

💬Community

Bugzilla

CVE-2017-16910 libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function [fedora-all]↗2017-12-13

▶

Bugzilla

CVE-2017-16910 libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function↗2017-12-12

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 LibRaw: various flaws [epel-6]↗2017-09-22

▶

Bugzilla

CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 dcraw: various flaws [fedora-all]↗2017-09-15

▶