Описание
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Отчет
This flaw does not affect LibRaw as shipped with Red Hat Enterprise Linux 7 or 8 as the vulnerable code was introduced in a subsequent version of LibRaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | libkdcraw | Not affected | ||
| Red Hat Enterprise Linux 7 | LibRaw | Not affected | ||
| Red Hat Enterprise Linux 8 | dcraw | Not affected | ||
| Red Hat Enterprise Linux 8 | LibRaw | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNo ...
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
EPSS
5.3 Medium
CVSS3