High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-17	CVE-2021-32142	Out-of-bounds Write vulnerability in Libraw 0.20.0 Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. local low complexity libraw CWE-787	7.8
2021-06-02	CVE-2020-24870	Out-of-bounds Write vulnerability in Libraw Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. network low complexity libraw CWE-787	8.8
2020-09-16	CVE-2020-24889	Classic Buffer Overflow vulnerability in Libraw A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. local low complexity libraw CWE-120	7.8
2020-07-02	CVE-2020-15503	Improper Input Validation vulnerability in multiple products LibRaw before 0.20-RC1 lacks a thumbnail size range check. network low complexity libraw fedoraproject debian CWE-20	7.5
2020-01-14	CVE-2015-8367	Improper Initialization vulnerability in Libraw The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. network low complexity libraw CWE-665	7.5
2020-01-14	CVE-2015-8366	Improper Validation of Array Index vulnerability in Libraw Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. network low complexity libraw CWE-129	7.5
2019-02-20	CVE-2018-5819	Resource Exhaustion vulnerability in multiple products An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. network low complexity libraw debian CWE-400	7.8
2018-12-07	CVE-2018-5816	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). network libraw canonical CWE-190	7.1
2018-12-07	CVE-2018-5815	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. network libraw canonical CWE-190	7.1
2018-12-07	CVE-2018-5813	Infinite Loop vulnerability in multiple products An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. network libraw canonical CWE-835	7.1