CVE-2023-1729
published 2023-05-15
CVE-2023-1729: A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libraw | < libraw 0.20.2-2.1 (bookworm) | libraw 0.20.2-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libraw | libraw | < 0.21.2 | 0.21.2 |
| libraw | libraw | — | — |
| libraw | libraw | >= 0 < 0.20.2-1+deb11u1 | 0.20.2-1+deb11u1 |
| libraw | libraw | >= 0 < 0.20.2-2.1 | 0.20.2-2.1 |
| libraw | libraw | >= 0 < 0.20.2-2.1 | 0.20.2-2.1 |
| libraw | libraw | >= 0 < 0.20.2-2.1 | 0.20.2-2.1 |
| linux | linux_kernel | >= 5.18.0 < 6.5.4 | 6.5.4 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM