LibRaw CVE 脆弱性と CVE 一覧(65)

製品(CPE): — CVE 件数: 65

LibRaw 脆弱性概要

LibRaw 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 2140 / 65 CVE 件数
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-35530 In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. [email protected] 5.5 0.37% 2022-09-01 2026-06-16
CVE-2020-24870 Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. [email protected] 8.8 1.62% 2021-06-02 2026-06-16
CVE-2020-24890 libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way [email protected] 5.5 1.55% 2020-09-16 2026-06-16
CVE-2020-24889 A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. [email protected] 7.8 1.44% 2020-09-16 2026-06-16
CVE-2020-15503 LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. [email protected] 7.5 3.67% 2020-07-02 2026-06-16
CVE-2020-15365 LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. [email protected] 6.5 1.33% 2020-06-28 2026-06-16
CVE-2015-8367 The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. [email protected] 9.8 5.45% 2020-01-14 2026-06-16
CVE-2015-8366 Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. [email protected] 9.8 4.94% 2020-01-14 2026-06-16
CVE-2018-5819 An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. [email protected] 7.5 2.82% 2019-02-20 2026-06-16
CVE-2018-5818 An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. [email protected] 7.5 2.33% 2019-02-20 2026-06-16
CVE-2018-5817 A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. [email protected] 7.5 2.50% 2019-02-20 2026-06-16
CVE-2018-20365 LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. [email protected] 6.5 2.78% 2018-12-22 2026-06-16
CVE-2018-20364 LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. [email protected] 6.5 2.64% 2018-12-22 2026-06-16
CVE-2018-20363 LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. [email protected] 6.5 2.84% 2018-12-22 2026-06-16
CVE-2018-20337 There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. [email protected] 8.8 2.07% 2018-12-21 2026-06-16
CVE-2018-5816 An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). [email protected] 6.5 2.11% 2018-12-07 2026-06-16
CVE-2018-5815 An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. [email protected] 6.5 2.19% 2018-12-07 2026-06-16
CVE-2018-5813 An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. [email protected] 6.5 2.09% 2018-12-07 2026-06-16
CVE-2018-5812 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. [email protected] 6.5 1.79% 2018-12-07 2026-06-16
CVE-2018-5811 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. [email protected] 6.5 1.80% 2018-12-07 2026-06-16
cvelogic Threat Intelligence