Fluid Attacks Database

Description

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	dcraw	=9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
debian 11	dcraw	=9.28-2 \|\| =9.28-3 \|\| =9.28-3.1 \|\| =9.28-4 \|\| =9.28-5 \|\| =9.28-5.1 \|\| =9.28-6 \|\| =9.28-7 \|\| =9.28-8
debian 14	dcraw	=9.28-8
debian 13	dcraw	=9.28-8
rpm rhel5	dcraw	-
rpm rhel7	dcraw	-
rpm rhel8	dcraw	-
rpm rhel6	dcraw	-

Aliases

1. CVE-2018-195672. NVD-2018-195673. OSV-DEBIAN-2018-195674. OSV-2018-195675. SECURITY-TRACKER-CVE-2018-19567

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.