Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10529 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | |||||
| CVE-2018-10528 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | |||||
| CVE-2017-6887 | 1 Libraw | 1 Libraw | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. | |||||
| CVE-2017-6886 | 1 Libraw | 1 Libraw | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | |||||
| CVE-2017-16910 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | |||||
| CVE-2017-16909 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. | |||||
| CVE-2017-14608 | 1 Libraw | 1 Libraw | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |||||
| CVE-2017-14348 | 1 Libraw | 1 Libraw | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | |||||
| CVE-2017-14265 | 1 Libraw | 1 Libraw | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | |||||
| CVE-2017-13735 | 1 Libraw | 1 Libraw | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||||
| CVE-2015-8367 | 1 Libraw | 1 Libraw | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | |||||
| CVE-2015-8366 | 1 Libraw | 1 Libraw | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | |||||
| CVE-2013-2127 | 1 Libraw | 1 Libraw | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-2126 | 3 Canonical, Libraw, Opensuse | 3 Ubuntu Linux, Libraw, Opensuse | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. | |||||
| CVE-2013-1439 | 1 Libraw | 1 Libraw | 2026-06-16 | 4.3 MEDIUM | N/A |
| The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | |||||
| CVE-2026-5318 | 1 Libraw | 1 Libraw | 2026-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component. | |||||
| CVE-2026-5342 | 1 Libraw | 1 Libraw | 2026-04-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component. | |||||
| CVE-2026-24660 | 1 Libraw | 1 Libraw | 2026-04-10 | N/A | 8.1 HIGH |
| A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2026-24450 | 1 Libraw | 1 Libraw | 2026-04-10 | N/A | 8.1 HIGH |
| An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2026-21413 | 1 Libraw | 1 Libraw | 2026-04-10 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||