Information on source package libraw

Available versions

jessie (security)0.16.0-9+deb8u3
stretch (security)0.17.2-6+deb9u1

Open issues

CVE-2018-5815vulnerable (no DSA)vulnerable (no DSA)fixedfixedInteger overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service
CVE-2018-5813vulnerable (no DSA)vulnerable (no DSA)fixedfixedinfinite loop in the parse_minolta function in dcraw/dcraw.c
CVE-2018-5812vulnerable (no DSA)vulnerable (no DSA)fixedfixedNULL pointer dereference in nikon_coolscan_load_raw internal/dcraw_common.cpp
CVE-2018-5811vulnerable (no DSA)vulnerable (no DSA)fixedfixedout-of-bounds read in nikon_coolscan_load_raw internal/dcraw_common.cpp
CVE-2018-5810vulnerable (no DSA)vulnerable (no DSA)fixedfixedheap-based buffer overflow in rollei_load_raw internal/dcraw_common.cpp
CVE-2018-5807vulnerable (no DSA)vulnerable (no DSA)fixedfixedout-of-bounds read in samsung_load_raw internal/dcraw_common.cpp
CVE-2018-5806vulnerable (no DSA)vulnerable (no DSA)fixedfixedNULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp
CVE-2018-5805vulnerable (no DSA)vulnerable (no DSA)fixedfixedStack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
CVE-2018-5804vulnerable (no DSA)vulnerable (no DSA)fixedfixedtype confusion error in identify() function in internal/dcraw_common.cpp
CVE-2018-5802vulnerable (no DSA)vulnerable (no DSA)fixedfixedOut-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
CVE-2018-5801vulnerable (no DSA)vulnerable (no DSA)fixedfixedNULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
CVE-2018-5800vulnerable (no DSA)vulnerable (no DSA)fixedfixedHeap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
CVE-2018-10529vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in LibRaw 0.18.9. There is an out-of-bounds ...
CVE-2018-10528vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in LibRaw 0.18.9. There is a stack-based buffer ...
CVE-2017-16910vulnerable (no DSA)vulnerable (no DSA)fixedfixed
CVE-2017-16909vulnerable (no DSA)vulnerable (no DSA)fixedfixed
CVE-2017-14608vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn LibRaw through 0.18.4, an out of bounds read flaw related to ...
CVE-2017-14348fixedvulnerable (no DSA)fixedfixedLibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...
CVE-2017-14265vulnerable (no DSA)vulnerable (no DSA)fixedfixedA Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...
CVE-2017-13735vulnerable (no DSA)vulnerable (no DSA)fixedfixedThere is a floating point exception in the kodak_radc_load_raw function ...

Resolved issues

CVE-2018-5816Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service
CVE-2017-6887A boundary error within the "parse_tiff_ifd()" function ...
CVE-2017-6886An error within the "parse_tiff_ifd()" function ...
CVE-2015-8367Memory objects are not intialized properly
CVE-2015-8366Index overflow in smal_decode_segment
CVE-2015-3885Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...
CVE-2013-2127Buffer overflow in the exposure correction code in LibRaw before ...
CVE-2013-2126Multiple double free vulnerabilities in the LibRaw::unpack function in ...
CVE-2013-1439The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...
CVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...

Security announcements

DSA / DLADescription
DLA-1109-1libraw - security update
DSA-3950-1libraw - security update
DSA-3950-1libraw - security update
DLA-1057-1libraw - security update
DLA-243-1libraw - security update

Search for package or bug name: Reporting problems