CVE-2018-10528 — Out-of-bounds Write in Libraw

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow11 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.9%

top 16.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw Canonical Ubuntu Linux

Timeline

PublishedApr 29

Latest updateMay 13

Description

An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/libraw< libraw 0.18.11-1 (bookworm)

▶Debianlibraw/libraw< 0.18.11-1+3

▶Ubuntulibraw/libraw< 0.17.1-1ubuntu0.3+1

▶NVDlibraw/libraw0.18.9

Also affects: Ubuntu Linux 16.04, 17.10, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-wqh9-39m5-8c9r: An issue was discovered in LibRaw 0↗2022-05-13

▶

OSV

libraw vulnerabilities↗2018-05-08

▶

OSV

CVE-2018-10528: An issue was discovered in LibRaw 0↗2018-04-29

▶

📋Vendor Advisories

Ubuntu

LibRaw vulnerabilities↗2018-05-08

▶

Red Hat

LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution↗2018-04-27

▶

Debian

CVE-2018-10528: libraw - An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow...↗2018

▶

💬Community

Bugzilla

CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution↗2018-05-03

▶

Bugzilla

CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [epel-6]↗2018-05-03

▶

Bugzilla

CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all]↗2018-05-03

▶

Bugzilla

CVE-2018-10528 mingw-LibRaw: LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all]↗2018-05-03

▶