Fluid Attacks Database

Description

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libraw	>=0 <0.19.2-1	0.19.2-1
debian 11	libraw	>=0 <0.19.2-1	0.19.2-1
debian 13	libraw	>=0 <0.19.2-1	0.19.2-1
debian 12	libraw	>=0 <0.19.2-1	0.19.2-1
rpm rhel8	clutter	<0:1.26.2-8.el8	0:1.26.2-8.el8
rpm rhel8	gnome-settings-daemon	<0:3.32.0-9.el8	0:3.32.0-9.el8
rpm rhel8	gnome-control-center	<0:3.28.2-19.el8	0:3.28.2-19.el8
rpm rhel8	LibRaw	<0:0.19.5-1.el8	0:0.19.5-1.el8
rpm rhel8	gnome-tweaks	<0:3.28.1-7.el8	0:3.28.1-7.el8
rpm rhel8	gnome-session	<0:3.28.1-8.el8	0:3.28.1-8.el8

1-10 of 34

Aliases

1. CVE-2018-203372. NVD-2018-203373. OSV-DEBIAN-2018-203374. OSV-2018-203375. SECURITY-TRACKER-CVE-2018-20337

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.