Debian Rawtherapee vulnerabilities

5 known vulnerabilities affecting debian/rawtherapee.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2026-24808LOWCVSS 8.3fixed in rawtherapee 5.12-1 (forky)2026
CVE-2026-24808 [HIGH] CVE-2026-24808: rawtherapee - Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). ... Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 5.12-1) sid: resolved (fixed in 5.12-1) trixie: open
debian
CVE-2015-8367CRITICALCVSS 9.8fixed in darktable 2.0.0-1 (bookworm)2015
CVE-2015-8367 [CRITICAL] CVE-2015-8367: darktable - The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause... The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. Scope: local bookworm: resolved (fixed in 2.0.0-1) bullseye: resolved (fixed in 2.0.0-1) forky: resolved (fixed in 2.0.0-1) sid: resolved (fixed in 2.0.0-1) trixie: resolved (fixed in 2.0.0-1
debian
CVE-2015-8366CRITICALCVSS 9.8fixed in darktable 2.0.0-1 (bookworm)2015
CVE-2015-8366 [CRITICAL] CVE-2015-8366: darktable - Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows... Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. Scope: local bookworm: resolved (fixed in 2.0.0-1) bullseye: resolved (fixed in 2.0.0-1) forky: resolved (fixed in 2.0.0-1) sid: resolved (fixed in 2.0.0-1) trixie:
debian
CVE-2015-3885MEDIUMCVSS 4.3fixed in darktable 1.6.7-1 (bookworm)2015
CVE-2015-3885 [MEDIUM] CVE-2015-3885: darktable - Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows re... Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. Scope: local bookworm: resolved (fixed in 1.6.7-1) bullseye: resolved (fixed in 1.6.7-1) forky: resolved (fixed in 1.6.7-1) sid: resolved (fixed in 1.
debian
CVE-2013-1438MEDIUMCVSS 4.3fixed in darktable 1.2.2-2 (bookworm)2013
CVE-2013-1438 [MEDIUM] CVE-2013-1438: darktable - Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw... Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference. Scope: local bookworm: resolved (fixed in 1.2.2-2) bullseye: resolved (fixed
debian
Debian Rawtherapee vulnerabilities | cvebase