CVE-2018-10529Out-of-bounds Read in Libraw

CWE-125Out-of-bounds ReadCWE-121Stack-based Buffer Overflow11 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 38.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LibrawDebian LibrawCanonical Ubuntu Linux
Timeline
PublishedApr 29
Latest updateMay 14

Description

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/libraw< libraw 0.18.11-1 (bookworm)
Debianlibraw/libraw< 0.18.11-1+3
Ubuntulibraw/libraw< 0.17.1-1ubuntu0.3+1
NVDlibraw/libraw0.18.9

Also affects: Ubuntu Linux 16.04, 17.10, 18.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-h63v-r4p9-395h: An issue was discovered in LibRaw 02022-05-14
OSV
libraw vulnerabilities2018-05-08
OSV
CVE-2018-10529: An issue was discovered in LibRaw 02018-04-29

📋Vendor Advisories

3
Ubuntu
LibRaw vulnerabilities2018-05-08
Red Hat
LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp2018-04-27
Debian
CVE-2018-10529: libraw - An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecti...2018

💬Community

4
Bugzilla
CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp2018-05-03
Bugzilla
CVE-2018-10529 mingw-LibRaw: LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all]2018-05-03
Bugzilla
CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all]2018-05-03
Bugzilla
CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [epel-6]2018-05-03