CVE-2018-19565 — Out-of-bounds Read in Project Dcraw

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

7.1HIGHNVD

EPSS

0.3%

top 46.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dcraw Project Dcraw

Timeline

PublishedNov 26

Latest updateMay 14

Description

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDdcraw_project/dcraw9.28

🔴Vulnerability Details

GHSA

GHSA-682q-f6x6-8x24: A buffer over-read in crop_masked_pixels in dcraw through 9↗2022-05-14

▶

CVEList

CVE-2018-19565: A buffer over-read in crop_masked_pixels in dcraw through 9↗2018-11-26

▶

OSV

CVE-2018-19565: A buffer over-read in crop_masked_pixels in dcraw through 9↗2018-11-26

▶

📋Vendor Advisories

Red Hat

dcraw: Buffer over-read in crop_masked_pixels resulting in denial of service or information leak↗2018-11-23

▶

Debian

CVE-2018-19565: dcraw - A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by ...↗2018

▶

💬Community

Bugzilla

CVE-2018-19565 dcraw: Buffer over-read in crop_masked_pixels resulting in denial of service or information leak↗2018-12-06

▶