Type Confusion Vulnerability in LibRaw Affects Multiple Versions
CVE-2018-5817

7.5HIGH

Key Information:

Vendor

Flexera Software Llc

Status
Libraw
Vendor
CVE Published:
20 February 2019

What is CVE-2018-5817?

LibRaw contains a type confusion error in the 'unpacked_load_raw()' function, specifically in versions prior to 0.19.1. This vulnerability can be exploited by attackers to cause an infinite loop condition, potentially leading to a denial of service. Users are encouraged to update to version 0.19.1 or later to mitigate risks associated with this vulnerability. For detailed information on resolution and updates, refer to the official security advisories from Debian and Ubuntu.

Affected Version(s)

LibRaw 0.19.0 and prior

References

https://secuniaresearch.flexerasoftware.com/secunia_resea...
x_refsource_MISC
https://www.libraw.org/news/libraw-0-19-2-release
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/03/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.