exploitDog

CVE-2018-19566

Опубликовано: 23 нояб. 2018

Источник: redhat

CVSS3: 4.4

Описание

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	dcraw	Will not fix
Red Hat Enterprise Linux 6	dcraw	Will not fix
Red Hat Enterprise Linux 7	dcraw	Fix deferred
Red Hat Enterprise Linux 8	dcraw	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1656778dcraw: Heap buffer over-read in parse_tiff_ifd resulting in a denial of service or information leak

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2018-19566

CVSS3: 7.1

ubuntu

около 7 лет назад

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

CVE-2018-19566

CVSS3: 7.1

nvd

около 7 лет назад

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

CVE-2018-19566

CVSS3: 7.1

debian

около 7 лет назад

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...

GHSA-qchv-v695-4m9x

CVSS3: 7.1

github

больше 3 лет назад

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

SUSE-SU-2022:1749-1

suse-cvrf

больше 3 лет назад

Security update for dcraw

4.4 Medium

CVSS3