CVE-2017-6889

Опубликовано: 15 мая 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

Ссылки

https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
Patch
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/75000/
Permissions Required
Third Party Advisory
https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
Patch
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/75000/
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libraw:libraw-demosaic-pack-gpl2:*:*:*:*:*:*:*:*

Версия до 0.18.1 (включая)

EPSS

Процентиль: 62%

0.00436

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2017-6889

CVSS3: 9.8

ubuntu

больше 8 лет назад

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

GHSA-hh27-7rq7-g8w3

CVSS3: 9.8

github

больше 3 лет назад

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

openSUSE-SU-2017:1460-1

suse-cvrf

больше 8 лет назад

Security update for libraw

SUSE-SU-2017:2300-1

suse-cvrf

больше 8 лет назад

Security update for libraw

EPSS

Процентиль: 62%

0.00436

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190