MidnightBSD

Advisories for libraw

CVE-2013-1439 MEDIUM

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libraw libraw 0.14.5
libraw libraw 0.15.0
libraw libraw 0.14.2
libraw libraw 0.15.1
libraw libraw 0.13.2
libraw libraw 0.14.4
libraw libraw 0.14.1
libraw libraw 0.13.1
libraw libraw 0.14.6
libraw libraw 0.13.8
libraw libraw 0.14.0
libraw libraw 0.14.7
libraw libraw 0.13.4
libraw libraw 0.14.3
libraw libraw 0.13.7
libraw libraw 0.13.6
libraw libraw 0.15.2
libraw libraw 0.13.3
libraw libraw 0.13.5
libraw libraw 0.13.0
libraw libraw 0.15.3
CVE-2013-2126 HIGH

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libraw libraw 0.15.0
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.04
libraw libraw *
opensuse opensuse 12.2
opensuse opensuse 12.3
CVE-2013-2127 HIGH

Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2015-8366 HIGH

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2015-8367 HIGH

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-665,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-13735 MEDIUM

There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libraw libraw 0.18.2
CVE-2017-14265 HIGH

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-14348 MEDIUM

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-14608 MEDIUM

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-16909 MEDIUM

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
CVE-2017-16910 MEDIUM

An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
CVE-2017-6886 HIGH

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-6887 MEDIUM

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2017-6889 HIGH

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libraw libraw-demosaic-pack-gpl2 *
CVE-2017-6890 HIGH

A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libraw libraw-demosaic-pack-gpl2 *
CVE-2018-10528 MEDIUM

An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
libraw libraw 0.18.9
canonical ubuntu_linux 18.04
CVE-2018-10529 MEDIUM

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
libraw libraw 0.18.9
canonical ubuntu_linux 18.04
CVE-2018-20337 MEDIUM

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw 0.19.1
CVE-2018-20363 MEDIUM

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2018-20364 MEDIUM

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2018-20365 MEDIUM

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2018-5800 MEDIUM

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-5801 MEDIUM

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-5802 MEDIUM

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-5804 MEDIUM

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,CWE-704,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2018-5805 MEDIUM

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
libraw libraw *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-5806 MEDIUM

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
libraw libraw *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
CVE-2018-5807 MEDIUM

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5808 MEDIUM

An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libraw libraw *
CVE-2018-5809 MEDIUM

An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2018-5810 MEDIUM

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5811 MEDIUM

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5812 MEDIUM

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5813 HIGH

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5815 HIGH

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5816 HIGH

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libraw libraw *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2018-5817 MEDIUM

A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libraw libraw *
CVE-2018-5818 MEDIUM

An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libraw libraw *
CVE-2018-5819 HIGH

An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libraw libraw *
CVE-2020-15365 MEDIUM

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw 0.20
CVE-2020-15503 MEDIUM

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libraw libraw 0.20
fedoraproject fedora 31
fedoraproject fedora 32
debian debian_linux 10.0
libraw libraw *
CVE-2020-22628

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
libraw libraw *
CVE-2020-24870 MEDIUM

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2020-24889 MEDIUM

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2020-24890 LOW

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libraw libraw 0.20.0
CVE-2020-35530

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
debian debian_linux 10.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2020-35531

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
debian debian_linux 10.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2020-35532

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
debian debian_linux 10.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2020-35533

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
debian debian_linux 10.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2020-35534

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2020-35535

In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libraw libraw 0.20.0
libraw libraw 0.21.0
libraw libraw 0.20.2
libraw libraw 0.20.1
CVE-2021-32142

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
libraw libraw 0.20.0
CVE-2023-1729

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
libraw libraw *
fedoraproject fedora 37
fedoraproject fedora 38
redhat enterprise_linux 8.0
CVE-2025-43961

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
libraw libraw *
CVE-2025-43962

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
libraw libraw *
CVE-2025-43963

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
libraw libraw *
CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
libraw libraw *
CVE-2026-5318 MEDIUM

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libraw libraw *
CVE-2026-5342 MEDIUM

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
libraw libraw *