Fluid Attacks Database

Description

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libraw	>=0 <0.18.5-1	0.18.5-1
debian 12	libraw	>=0 <0.18.5-1	0.18.5-1
debian 13	libraw	>=0 <0.18.5-1	0.18.5-1
debian 14	libraw	>=0 <0.18.5-1	0.18.5-1
rpm rhel7	LibRaw	-	-
rpm rhel5	dcraw	-	-
rpm rhel7	dcraw	-	-
rpm rhel6	dcraw	-	-

Aliases

1. CVE-2017-146082. NVD-2017-146083. OSV-DEBIAN-2017-146084. OSV-2017-146085. SECURITY-TRACKER-CVE-2017-14608

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.