Heap-Based Buffer Overflow in LibRaw Demosaic Pack by LibRaw
CVE-2017-6889

9.8CRITICAL

Key Information:

Vendor: Libraw
Status: Libraw-demosaic-pack-gpl2
Vendor: CVE Published:; 15 May 2017

What is CVE-2017-6889?

An integer overflow vulnerability exists in the 'foveon_load_camf()' function within the LibRaw Demosaic Pack prior to version 0.18.2. This flaw can be exploited by attackers to cause a heap-based buffer overflow, potentially leading to arbitrary code execution and severe security risks for systems utilizing affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibRaw-demosaic-pack-GPL2 0.x prior to 0.18.2

References

https://secuniaresearch.flexerasoftware.com/advisories/75...

x_refsource_MISC

https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commi...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2017
Vulnerability Reserved
Mar 14, 2017

JSON

Libraw

What is CVE-2017-6889?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.