Vulnerabilities > Libraw > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2015-8367 | Improper Initialization vulnerability in Libraw The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | 9.8 |
| 2020-01-14 | CVE-2015-8366 | Improper Validation of Array Index vulnerability in Libraw Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | 9.8 |
| 2017-09-20 | CVE-2017-14608 | Out-of-bounds Read vulnerability in Libraw In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. | 9.1 |
| 2017-09-11 | CVE-2017-14265 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. | 9.8 |
| 2017-05-16 | CVE-2017-6886 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | 9.8 |
| 2017-05-15 | CVE-2017-6890 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2 A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. | 9.8 |
| 2017-05-15 | CVE-2017-6889 | Integer Overflow or Wraparound vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2 An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | 9.8 |