Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
8.8
2018-12-07 CVE-2018-9518 Out-of-bounds Write vulnerability in multiple products
In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google canonical CWE-787
7.8
7.8
2018-12-07 CVE-2018-5816 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
network
low complexity
libraw canonical CWE-190
6.5
6.5
2018-12-07 CVE-2018-5815 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
network
low complexity
libraw canonical CWE-190
6.5
6.5
2018-12-07 CVE-2018-5813 Infinite Loop vulnerability in multiple products
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
network
low complexity
libraw canonical CWE-835
6.5
6.5
2018-12-07 CVE-2018-5812 NULL Pointer Dereference vulnerability in multiple products
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
network
low complexity
libraw canonical CWE-476
6.5
6.5
2018-12-07 CVE-2018-5811 Out-of-bounds Read vulnerability in multiple products
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
network
low complexity
libraw canonical CWE-125
6.5
6.5
2018-12-07 CVE-2018-5810 Out-of-bounds Write vulnerability in multiple products
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
network
low complexity
libraw canonical CWE-787
8.8
8.8
2018-12-07 CVE-2018-5807 Out-of-bounds Read vulnerability in multiple products
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
network
low complexity
libraw canonical CWE-125
8.8
8.8
2018-12-07 CVE-2018-5802 Out-of-bounds Read vulnerability in multiple products
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
network
low complexity
libraw redhat canonical debian CWE-125
8.8
8.8