CVE-2018-5800 — Off-by-one Error in Libraw
Severity
6.5MEDIUMNVD
EPSS
1.5%
top 18.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 7
Latest updateMay 13
Description
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 17.10
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-5qjx-g7m8-vp5f: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common↗2022-05-13
OSV▶
CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common↗2018-12-07
CVEList▶
CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common↗2018-12-07
📋Vendor Advisories
3💬Community
7Bugzilla▶
CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp [fedora-all]↗2020-04-22
Bugzilla▶
CVE-2018-5800 mingw-LibRaw: LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp [fedora-all]↗2020-04-22
Bugzilla▶
CVE-2018-5800 rawtherapee: LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp [fedora-all]↗2020-04-22
Bugzilla▶
CVE-2018-5800 dcraw: LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp [fedora-all]↗2020-04-22
Bugzilla▶
CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp [epel-6]↗2020-04-22