Fluid Attacks Database

Description

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	dcraw	>=0 <9.28-2	9.28-2
debian 13	dcraw	>=0 <9.28-2	9.28-2
debian 14	dcraw	>=0 <9.28-2	9.28-2
debian 12	dcraw	>=0 <9.28-2	9.28-2
rpm rhel6	dcraw	-	-
rpm rhel8	dcraw	-	-
rpm rhel7	dcraw	-	-

Aliases

1. CVE-2018-196552. NVD-2018-196553. OSV-DEBIAN-2018-196554. OSV-2018-196555. SECURITY-TRACKER-CVE-2018-19655

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.