CVE-2018-5801

Опубликовано: 07 дек. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

Ссылки

https://access.redhat.com/errata/RHSA-2018:3065
Third Party Advisory
https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
Release Notes
https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914
Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
Mailing List
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/79000/
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
Third Party Advisory
https://usn.ubuntu.com/3615-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3065
Third Party Advisory
https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
Release Notes
https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914
Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
Mailing List
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/79000/
Third Party Advisory
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
Third Party Advisory
https://usn.ubuntu.com/3615-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*

Версия до 0.18.7 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01527

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2018-5801

CVSS3: 6.5

ubuntu

почти 7 лет назад

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5801

CVSS3: 3.3

redhat

почти 8 лет назад

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5801

CVSS3: 6.5

debian

почти 7 лет назад

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...

GHSA-chvh-r3pc-vjf8

CVSS3: 6.5

github

больше 3 лет назад

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

BDU:2022-05868

CVSS3: 6.5

fstec

почти 8 лет назад

Уязвимость компонента src/libraw_cxx.cpp библиотеки для обработки изображений LibRaw, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%

0.01527

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476