Stack-Based Buffer Overflow in LibRaw Affects Multiple Versions
CVE-2018-10528

8.8HIGH

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Vendor
CVE Published:
29 April 2018

What is CVE-2018-10528?

A stack-based buffer overflow vulnerability exists in the utf2char function located in libraw_cxx.cpp within LibRaw 0.18.9. An attacker may exploit this weakness to potentially execute arbitrary code or crash the application, leading to significant security risks. It is crucial for users to apply available patches or upgrade to secure versions to mitigate the potential impact of this vulnerability.

References

https://github.com/LibRaw/LibRaw/issues/144
x_refsource_MISC
https://usn.ubuntu.com/3639-1/
vendor-advisoryx_refsource_UBUNTU
https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.