CVE-2018-5804 — Divide By Zero in Libraw

CWE-369 — Divide By Zero CWE-704 — Incorrect Type Conversion or Cast CWE-190 — Integer Overflow or Wraparound CWE-400 — Uncontrolled Resource Consumption18 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw Canonical Ubuntu Linux

Timeline

PublishedDec 7

Latest updateMay 14

Description

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlibraw/libraw< 0.18.8+1

▶debiandebian/libraw< libraw 0.18.13-1 (bookworm)+1

▶Debianlibraw/libraw< 0.18.13-1+7

▶CVEListV5libraw/librawPrior to 0.18.12

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-hmwc-5f9q-3986: A type confusion error within the "identify()" function (internal/dcraw_common↗2022-05-14

▶

GHSA

GHSA-87cq-cch6-5ff8: An integer overflow error within the "identify()" function (internal/dcraw_common↗2022-05-14

▶

OSV

CVE-2018-5816: An integer overflow error within the "identify()" function (internal/dcraw_common↗2018-12-07

▶

OSV

CVE-2018-5804: A type confusion error within the "identify()" function (internal/dcraw_common↗2018-12-07

▶

📋Vendor Advisories

Red Hat

LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service↗2018-07-22

▶

Red Hat

LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp↗2018-03-14

▶

Debian

CVE-2018-5816: libraw - An integer overflow error within the "identify()" function (internal/dcraw_commo...↗2018

▶

Debian

CVE-2018-5804: libraw - A type confusion error within the "identify()" function (internal/dcraw_common.c...↗2018

▶

💬Community

Bugzilla

CVE-2018-5816 LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service↗2018-07-31

▶

Bugzilla

CVE-2018-5804 dcraw: LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp [fedora-all]↗2018-06-15

▶

Bugzilla

CVE-2018-5804 LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp↗2018-06-15

▶

Bugzilla

CVE-2018-5804 libkdcraw: LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp [fedora-all]↗2018-06-15

▶

Bugzilla

CVE-2018-5804 LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp [fedora-all]↗2018-06-15

▶