dcraw project dcraw 7.00

CPE Details

dcraw project dcraw 7.00
dcraw_project
dcraw
7.00
2015-05-20
12h17 +00:00
2015-05-27
16h18 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:dcraw_project:dcraw:7.00:*:*:*:*:*:*:*

Informations

Vendor

dcraw_project

Product

dcraw

Version

7.00

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-19655 2018-11-29 04h00 +00:00 A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
8.8
Haute
CVE-2018-19565 2018-11-26 20h00 +00:00 A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
7.1
Haute
CVE-2018-19566 2018-11-26 20h00 +00:00 A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
7.1
Haute
CVE-2018-19567 2018-11-26 20h00 +00:00 A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
5.5
Moyen
CVE-2018-19568 2018-11-26 20h00 +00:00 A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
5.5
Moyen
CVE-2015-3885 2015-05-19 16h00 +00:00 Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
4.3
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.