View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-20337 severity low: SUSE including 93 source package names (LibRaw-0.19.5-1.el8, LibRaw-devel-0.19.5-1.el8, …), 122 product×package rows across 29 product lines (SUSE Liberty Linux 8, SUSE Linux Enterprise Desktop 12 SP3, … (29 product lines)): Fixed 106, Known Not Affected 16.
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.