CVE-2017-16909

HIGH8.8

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common

Published Dec 7, 2018

Modified 1 years ago

Details

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

References

WEB

https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt

WEB

https://github.com/LibRaw/LibRaw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a

ADVISORY

https://secuniaresearch.flexerasoftware.com/advisories/76000/

WEB

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19/

ADVISORY

https://usn.ubuntu.com/3615-1/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2017-16909

CVSS Analysis

CVSS v3.0

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedDec 7, 2018

ModifiedAug 5, 2024