Search CVE reports
51 – 59 of 59 results
Some fixes available 4 of 100
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
8 affected packages
dcraw, exactimage, kodi, rawtherapee, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 72
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
8 affected packages
darktable, dcraw, kodi, xbmc, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| dcraw | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ufraw | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 1 of 89
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
8 affected packages
darktable, kodi, xbmc, exactimage, rawtherapee...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| kodi | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Not affected | Not affected | Not affected | Not affected |
| libraw | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
Some fixes available 1 of 109
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
8 affected packages
darktable, kodi, xbmc, dcraw, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| dcraw | Not affected | Not affected | Not affected | Vulnerable |
| libraw | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 2 of 53
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
10 affected packages
darktable, rawstudio, libraw, dcraw, freeimage...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| rawstudio | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected |
| dcraw | Not affected | Not affected | Not affected | Not affected |
| freeimage | Not affected | Not affected | Not affected | Not affected |
| kodi | Needs evaluation | Not affected | Not affected | Not affected |
| exactimage | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release |
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | — |
| libkdcraw | — | — | — | — |
| libraw | — | — | — | — |
Some fixes available 22 of 29
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code...
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | — |
| libkdcraw | — | — | — | — |
| libraw | — | — | — | — |
Some fixes available 15 of 32
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
3 affected packages
darktable, libkdcraw, libraw
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | — | Not affected |
| libkdcraw | — | — | — | Not in release |
| libraw | — | — | — | Fixed |
Some fixes available 40 of 108
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a...
9 affected packages
darktable, libraw, rawtherapee, dcraw, exactimage...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected |
| libraw | Fixed | Fixed | Fixed | Fixed |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Not affected | Not affected | Not affected | Vulnerable |
| exactimage | Not affected | Not affected | Not affected | Not affected |
| libkdcraw | Not in release | Not in release | Not in release | Not in release |
| rawstudio | Not in release | Not in release | Not in release | Not in release |
| ufraw | Not in release | Not in release | Not in release | Fixed |
| xmbc | Not in release | Not in release | Not in release | Not in release |