Fluid Attacks Database

Description

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 13	dcraw	=9.28-8
debian 11	dcraw	=9.28-2 \|\| =9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
debian 14	dcraw	=9.28-8
debian 12	dcraw	=9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
rpm rhel8	dcraw	-
rpm rhel7	dcraw	-
rpm rhel6	dcraw	-
rpm rhel5	dcraw	-

Aliases

1. CVE-2018-195682. NVD-2018-195683. OSV-DEBIAN-2018-195684. OSV-2018-195685. SECURITY-TRACKER-CVE-2018-19568

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.