Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Workstation Extension 12 SP5 package dcraw, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2017-14608 — CVSS 9.1 (critical): In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and…
CVE-2018-19655 — CVSS 8.8 (high): A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow…
CVE-2018-5805 — CVSS 8.8 (high): A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be…
CVE-2021-3624 — CVSS 7.8 (high): There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code…
CVE-2017-13735 — CVSS 7.5 (high): There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote…
CVE-2018-19566 — CVSS 7.1 (high): A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an…
CVE-2018-19565 — CVSS 7.1 (high): A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an…
CVE-2018-5801 — CVSS 6.5 (medium): An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL…
CVE-2018-5806 — CVSS 6.5 (medium): An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to…
CVE-2018-19568 — CVSS 5.5 (medium): A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash…
CVE-2018-19567 — CVSS 5.5 (medium): A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an…