Fluid Attacks Database

Description

An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libraw	>=0 <0.19.1-1	0.19.1-1
debian 13	libraw	>=0 <0.19.1-1	0.19.1-1
debian 14	libraw	>=0 <0.19.1-1	0.19.1-1
debian 11	libraw	>=0 <0.19.1-1	0.19.1-1
rpm rhel7	libgnomekbd	<0:3.26.0-3.el7	0:3.26.0-3.el7
rpm rhel7	mutter	<0:3.28.3-10.el7	0:3.28.3-10.el7
rpm rhel7	cairo	<0:1.15.12-4.el7	0:1.15.12-4.el7
rpm rhel7	pidgin	<0:2.10.11-8.el7	0:2.10.11-8.el7
rpm rhel7	glib2	<0:2.56.1-5.el7	0:2.56.1-5.el7
rpm rhel7	nautilus	<0:3.26.3.1-6.el7	0:3.26.3.1-6.el7

1-10 of 25

Aliases

1. CVE-2018-58182. NVD-2018-58183. OSV-DEBIAN-2018-58184. OSV-2018-58185. SECURITY-TRACKER-CVE-2018-5818

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.