Fluid Attacks Database

Description

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 14	dcraw	=9.28-8
debian 12	dcraw	=9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
debian 11	dcraw	=9.28-2 \|\| =9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
debian 13	dcraw	=9.28-8
rpm rhel8	dcraw	-
rpm rhel6	dcraw	-
rpm rhel7	dcraw	-

Aliases

1. CVE-2018-195652. NVD-2018-195653. OSV-DEBIAN-2018-195654. OSV-2018-195655. SECURITY-TRACKER-CVE-2018-19565

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.