An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1277-1 advisory.

  - There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw     0.18.2. It will lead to a remote denial of service attack. (CVE-2017-13735)

  - In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in     dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose     potentially sensitive memory or cause an application crash. (CVE-2017-14608)

  - A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply     malicious files to crash an application that bundles the dcraw code or leak private information.
    (CVE-2018-19565)

  - A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply     malicious files to crash an application that bundles the dcraw code or leak private information.
    (CVE-2018-19566)

  - A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to     supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19567)

  - A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to     supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19568)

  - A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch     and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or     unspecified other impact via a maliciously crafted raw photo file. (CVE-2018-19655)

  - An error within the LibRaw::unpack() function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7     can be exploited to trigger a NULL pointer dereference. (CVE-2018-5801)

  - A boundary error within the quicktake_100_load_raw() function (internal/dcraw_common.cpp) in LibRaw     versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a     crash. (CVE-2018-5805)

  - An error within the leaf_hdr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to     0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

  - There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted     X3F input image, arbitrary code may be executed in the victim's system. (CVE-2021-3624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1749-1 advisory.

  - There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw     0.18.2. It will lead to a remote denial of service attack. (CVE-2017-13735)

  - In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in     dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose     potentially sensitive memory or cause an application crash. (CVE-2017-14608)

  - A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply     malicious files to crash an application that bundles the dcraw code or leak private information.
    (CVE-2018-19565)

  - A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply     malicious files to crash an application that bundles the dcraw code or leak private information.
    (CVE-2018-19566)

  - A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to     supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19567)

  - A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to     supply malicious files to crash an application that bundles the dcraw code. (CVE-2018-19568)

  - A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch     and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or     unspecified other impact via a maliciously crafted raw photo file. (CVE-2018-19655)

  - An error within the LibRaw::unpack() function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7     can be exploited to trigger a NULL pointer dereference. (CVE-2018-5801)

  - A boundary error within the quicktake_100_load_raw() function (internal/dcraw_common.cpp) in LibRaw     versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a     crash. (CVE-2018-5805)

  - An error within the leaf_hdr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to     0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

  - There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted     X3F input image, arbitrary code may be executed in the victim's system. (CVE-2021-3624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2903 advisory.

  - In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in     dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose     potentially sensitive memory or cause an application crash. (CVE-2017-14608)

  - An error related to the LibRaw::panasonic_load_raw() function (dcraw_common.cpp) in LibRaw versions     prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via     a specially crafted TIFF image. (CVE-2017-16909)

  - An error within the LibRaw::xtrans_interpolate() function (internal/dcraw_common.cpp) in LibRaw versions     prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of     Service condition. (CVE-2017-16910)

  - LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20363)

  - LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. (CVE-2018-20364)

  - LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. (CVE-2018-20365)

  - An off-by-one error within the LibRaw::kodak_ycbcr_load_raw() function (internal/dcraw_common.cpp) in     LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently     cause a crash. (CVE-2018-5800)

  - An error within the LibRaw::unpack() function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7     can be exploited to trigger a NULL pointer dereference. (CVE-2018-5801)

  - An error within the kodak_radc_load_raw() function (internal/dcraw_common.cpp) related to the buf     variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access     and subsequently cause a crash. (CVE-2018-5802)

  - A type confusion error within the identify() function (internal/dcraw_common.cpp) in LibRaw versions     prior to 0.18.8 can be exploited to trigger a division by zero. (CVE-2018-5804)

  - A boundary error within the quicktake_100_load_raw() function (internal/dcraw_common.cpp) in LibRaw     versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a     crash. (CVE-2018-5805)

  - An error within the leaf_hdr_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to     0.18.8 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5806)

  - An error within the samsung_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to     0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
    (CVE-2018-5807)

  - An error within the find_green() function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9     can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
    (CVE-2018-5808)

  - An error within the rollei_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions prior to     0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
    (CVE-2018-5810)

  - An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions     prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a     crash. (CVE-2018-5811)

  - An error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) in LibRaw versions     prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. (CVE-2018-5812)

  - An error within the parse_minolta() function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be     exploited to trigger an infinite loop via a specially crafted file. (CVE-2018-5813)

  - An integer overflow error within the parse_qt() function (internal/dcraw_common.cpp) in LibRaw versions     prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime     file. (CVE-2018-5815)

  - A type confusion error within the unpacked_load_raw() function within LibRaw versions prior to 0.19.1     (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. (CVE-2018-5817)

  - An error within the parse_rollei() function (internal/dcraw_common.cpp) within LibRaw versions prior to     0.19.1 can be exploited to trigger an infinite loop. (CVE-2018-5818)

  - An error within the parse_sinar_ia() function (internal/dcraw_common.cpp) within LibRaw versions prior     to 0.19.1 can be exploited to exhaust available CPU resources. (CVE-2018-5819)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libkdcraw packages installed that are affected by multiple vulnerabilities:

  - LibRaw is vulnerable to stack-based buffer overflow in     internal/dcraw_common.cpp:quicktake_100_load_raw()     function when processing specially-crafted RAW data. An     attacker could potentially use this flaw to cause an     arbitrary code execution or denial of service.
    (CVE-2018-5805)

  - A NULL pointer dereference flaw was found in the way     LibRaw processed images. An attacker could potentially     use this flaw to crash applications using LibRaw by     tricking them into processing crafted images.
    (CVE-2018-5801)

  - An out-of-bounds read flaw was found in the way LibRaw     processed images. An attacker could potentially use this     flaw to crash applications using LibRaw by tricking them     into processing crafted images. (CVE-2018-5802)

  - A NULL pointer dereference vulnerability in     internal/dcraw_common.cpp:leaf_hdr_load_raw() function     was found in LibRaw. A user can cause a denial of     service when processing specially-crafted RAW data.
    (CVE-2018-5806)

  - A heap-based out-of-bounds access flaw was found in the     way LibRaw processed images. An attacker could     potentially use this flaw to crash applications using     LibRaw by tricking them into processing crafted images.
    (CVE-2018-5800)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Secunia Research has discovered multiple vulnerabilities in libraw, a raw image decoder library, which can be exploited to cause a Denial of Service.

The issues contain divisions by zero, out-of-bounds read memory access, heap-based buffer overflows and NULL pointer dereferences.

For Debian 8 'Jessie', these problems have been fixed in version 0.16.0-9+deb8u4.

We recommend that you upgrade your libraw packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New version of dcraw is available 9.28.0

Security fix for CVE-2018-5801

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es) :

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function src/ libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/ dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

From Red Hat Security Advisory 2018:3065 :

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es) :

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function src/ libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/ dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

This update for libraw fixes the following issues :

Security issues fixed :

CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691).

CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690).

CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function (bsc#1084688).

CVE-2018-5813: Fixed infinite loop in the parse_minolta function (bsc#1103200)

CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw (bsc#1103353)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libraw fixes the following issues :

  - CVE-2018-5800: Specially crafted RAW files may have     caused an application crash via a heap-based buffer     overflow (boo#1084690)

  - CVE-2018-5801: Specially crafted RAW files may have been     used to trigger a NULL pointer de-reference     (boo#1084691)

  - CVE-2018-5802: Specially crafted RAW files may have     caused an application crash via a heap-based buffer     overflow (boo#1084688)

Secunia Research reports :

CVE-2018-5800: An off-by-one error within the 'LibRaw::kodak_ycbcr_load_raw()' function (internal/dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2017-5801: An error within the 'LibRaw::unpack()' function (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.

CVE-2017-5802: An error within the 'kodak_radc_load_raw()' function (internal/dcraw_common.cpp) related to the 'buf' variable can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

ID	Name	Product	Family	Severity
170226	openSUSE 15 Security Update : dcraw (SUSE-SU-2022:1277-1)	Nessus	SuSE Local Security Checks	critical
161391	SUSE SLED12 / SLES12 Security Update : dcraw (SUSE-SU-2022:1749-1)	Nessus	SuSE Local Security Checks	critical
158247	Debian DLA-2903-1 : libraw - LTS security update	Nessus	Debian Local Security Checks	critical
127269	NewStart CGSL CORE 5.04 / MAIN 5.04 : libkdcraw Multiple Vulnerabilities (NS-SA-2019-0068)	Nessus	NewStart CGSL Local Security Checks	high
123471	Debian DLA-1734-1 : libraw security update	Nessus	Debian Local Security Checks	high
120584	Fedora 28 : dcraw (2018-866bd0e3c2)	Nessus	Fedora Local Security Checks	medium
119190	Scientific Linux Security Update : libkdcraw on SL7.x x86_64 (20181030)	Nessus	Scientific Linux Local Security Checks	high
118987	CentOS 7 : libkdcraw (CESA-2018:3065)	Nessus	CentOS Local Security Checks	high
118767	Oracle Linux 7 : libkdcraw (ELSA-2018-3065)	Nessus	Oracle Linux Local Security Checks	high
118522	RHEL 7 : libkdcraw (RHSA-2018:3065)	Nessus	Red Hat Local Security Checks	high
118353	SUSE SLED12 Security Update : libraw (SUSE-SU-2018:3343-1)	Nessus	SuSE Local Security Checks	high
108832	Ubuntu 14.04 LTS / 16.04 LTS : LibRaw vulnerabilities (USN-3615-1)	Nessus	Ubuntu Local Security Checks	high
108445	openSUSE Security Update : libraw (openSUSE-2018-281)	Nessus	SuSE Local Security Checks	high
106855	FreeBSD : libraw -- multiple DoS vulnerabilities (6f0b0cbf-1274-11e8-8b5b-4ccc6adda413)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2018-5801

medium

Tenable Plugins

critical

critical

critical

high

high

medium

high

high

high

high

high

high

high

high