Out-of-Bounds Read Vulnerability in LibRaw Affects Image Processing Software
CVE-2018-10529

8.8HIGH

Key Information:

Vendor
Canonical
Status
Ubuntu Linux
Vendor
CVE Published:
29 April 2018

Summary

An out-of-bounds read issue has been identified in LibRaw 0.18.9, affecting the implementation of the X3F property table list in the source files libraw_x3f.cpp and libraw_cxx.cpp. This vulnerability can potentially lead to unauthorized access to sensitive data, impacting the security and integrity of the image processing workflows that rely on this library.

References

https://github.com/LibRaw/LibRaw/issues/144
x_refsource_MISC
https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a...
x_refsource_MISC
https://usn.ubuntu.com/3639-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.