Fluid Attacks Database

Description

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libraw	>=0 <0.18.2-2	0.18.2-2
alpine v3.3	libraw	=0.12.3-r0 \|\| =0.13.2-r0 \|\| =0.13.5-r0 \|\| =0.13.5-r1 \|\| =0.13.6-r0 \|\| =0.13.7-r0 \|\| =0.13.8-r0 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.14.6-r0 \|\| =0.14.7-r0 \|\| =0.15.2-r0 \|\| =0.15.2-r1 \|\| =0.15.4-r0 \|\| =0.16.0-r0 \|\| =0.16.1-r0 \|\| =0.16.2-r0 \|\| =0.17.0-r0 \|\| =0.17.1-r0 \|\| =0.17.2-r0 \|\| >=0 <0.17.2-r1	0.17.2-r1
alpine v3.5	libraw	=0.12.3-r0 \|\| =0.13.2-r0 \|\| =0.13.5-r0 \|\| =0.13.5-r1 \|\| =0.13.6-r0 \|\| =0.13.7-r0 \|\| =0.13.8-r0 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.14.6-r0 \|\| =0.14.7-r0 \|\| =0.15.2-r0 \|\| =0.15.2-r1 \|\| =0.15.4-r0 \|\| =0.16.0-r0 \|\| =0.16.1-r0 \|\| =0.16.2-r0 \|\| =0.17.0-r0 \|\| =0.17.1-r0 \|\| =0.17.2-r0 \|\| >=0 <0.17.2-r1	0.17.2-r1
alpine v3.6	libraw	=0.12.3-r0 \|\| =0.13.2-r0 \|\| =0.13.5-r0 \|\| =0.13.5-r1 \|\| =0.13.6-r0 \|\| =0.13.7-r0 \|\| =0.13.8-r0 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.14.6-r0 \|\| =0.14.7-r0 \|\| =0.15.2-r0 \|\| =0.15.2-r1 \|\| =0.15.4-r0 \|\| =0.16.0-r0 \|\| =0.16.1-r0 \|\| =0.16.2-r0 \|\| =0.17.0-r0 \|\| =0.17.1-r0 \|\| =0.17.2-r0 \|\| >=0 <0.17.2-r1	0.17.2-r1
debian 12	libraw	>=0 <0.18.2-2	0.18.2-2
debian 11	libraw	>=0 <0.18.2-2	0.18.2-2
debian 14	libraw	>=0 <0.18.2-2	0.18.2-2
alpine v3.4	libraw	=0.12.3-r0 \|\| =0.13.2-r0 \|\| =0.13.5-r0 \|\| =0.13.5-r1 \|\| =0.13.6-r0 \|\| =0.13.7-r0 \|\| =0.13.8-r0 \|\| =0.14.3-r0 \|\| =0.14.4-r0 \|\| =0.14.5-r0 \|\| =0.14.6-r0 \|\| =0.14.7-r0 \|\| =0.15.2-r0 \|\| =0.15.2-r1 \|\| =0.15.4-r0 \|\| =0.16.0-r0 \|\| =0.16.1-r0 \|\| =0.16.2-r0 \|\| =0.17.0-r0 \|\| =0.17.1-r0 \|\| =0.17.2-r0 \|\| >=0 <0.17.2-r1	0.17.2-r1
rpm rhel7	LibRaw	-	-

Aliases

1. CVE-2017-68872. NVD-2017-68873. OSV-DEBIAN-2017-68874. OSV-2017-68875. OSV-ALPINE-2017-68876. SECURITY-TRACKER-CVE-2017-68877. SECURITY-CVE-2017-6887

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.