Memory Corruption Vulnerability in LibRaw by LibRaw
CVE-2017-6886

9.8CRITICAL

Key Information:

Vendor

Libraw

Status
Libraw
Vendor
CVE Published:
16 May 2017

What is CVE-2017-6886?

A vulnerability exists in the 'parse_tiff_ifd()' function within LibRaw, allowing attackers to exploit a memory corruption issue. By crafting a specific TIFF file, adversaries can manipulate memory or alter program execution, potentially leading to denial of service or arbitrary code execution. This affects versions prior to 0.18.2.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibRaw 0.x prior to 0.18.2

References

https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3...
x_refsource_CONFIRM
https://secuniaresearch.flexerasoftware.com/secunia_resea...
x_refsource_MISC
http://www.securityfocus.com/bid/98605
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.