CVE-2018-19655

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

8.8HIGH

EPSS

0.7%

top 28.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dcraw Project Dcraw Suse Suse Linux Enterprise Desktop Suse Suse Linux Enterprise Server

Timeline

PublishedNov 29

Latest updateMay 13

Description

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Debiandcraw< 9.28-2+3

▶NVDdcraw_project/dcraw9.28

▶NVDsuse/suse_linux_enterprise_server11, 12+1

▶NVDsuse/suse_linux_enterprise_desktop12

🔴Vulnerability Details

GHSA

GHSA-86c2-8h98-4wr6: A stack-based buffer overflow in the find_green() function of dcraw through 9↗2022-05-13

▶

OSV

CVE-2018-19655: A stack-based buffer overflow in the find_green() function of dcraw through 9↗2018-11-29

▶

CVEList

CVE-2018-19655: A stack-based buffer overflow in the find_green() function of dcraw through 9↗2018-11-29

▶

📋Vendor Advisories

Red Hat

dcraw: Stack-based buffer overflow in the find_green() function↗2018-08-18

▶

Debian

CVE-2018-19655: dcraw - A stack-based buffer overflow in the find_green() function of dcraw through 9.28...↗2018

▶

💬Community

Bugzilla

CVE-2018-19655 dcraw: Stack-based buffer overflow in the find_green() function↗2018-12-06

▶