Vulnerabilities > Dcraw Project

DATE CVE VULNERABILITY TITLE RISK
2022-04-18 CVE-2021-3624 Integer Overflow or Wraparound vulnerability in multiple products
There is an integer overflow vulnerability in dcraw.
local
low complexity
dcraw-project debian CWE-190
7.8
2018-11-29 CVE-2018-19655 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
network
low complexity
dcraw-project suse CWE-787
8.8
2018-11-26 CVE-2018-19568 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dcraw Project Dcraw 7.00/9.28
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
local
low complexity
dcraw-project CWE-119
5.5
2018-11-26 CVE-2018-19567 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dcraw Project Dcraw 7.00/9.28
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
local
low complexity
dcraw-project CWE-119
5.5
2018-11-26 CVE-2018-19566 Out-of-bounds Read vulnerability in Dcraw Project Dcraw 7.00/9.28
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
local
low complexity
dcraw-project CWE-125
7.1
2018-11-26 CVE-2018-19565 Out-of-bounds Read vulnerability in Dcraw Project Dcraw 7.00/9.28
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
local
low complexity
dcraw-project CWE-125
7.1