Aggregates CVE and security vulnerability intelligence across all LibRaw-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact application crash, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-5810 | An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | [email protected] | 8.8 | 2.10% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5809 | An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | [email protected] | 8.8 | 2.79% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5808 | An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | [email protected] | 8.8 | 2.79% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5807 | An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | [email protected] | 8.8 | 1.98% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5806 | An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | [email protected] | 6.5 | 1.69% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5805 | A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | [email protected] | 8.8 | 1.98% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5804 | A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. | [email protected] | 6.5 | 1.68% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5802 | An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | [email protected] | 8.8 | 1.97% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5801 | An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | [email protected] | 6.5 | 2.04% | 2018-12-07 | 2026-06-16 |
| CVE-2018-5800 | An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | [email protected] | 6.5 | 2.55% | 2018-12-07 | 2026-06-16 |
| CVE-2017-16910 | An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | [email protected] | 6.5 | 1.80% | 2018-12-07 | 2026-06-16 |
| CVE-2017-16909 | An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. | [email protected] | 8.8 | 1.99% | 2018-12-07 | 2026-06-16 |
| CVE-2018-10529 | An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | [email protected] | 8.8 | 1.95% | 2018-04-28 | 2026-06-16 |
| CVE-2018-10528 | An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | [email protected] | 8.8 | 2.53% | 2018-04-28 | 2026-06-16 |
| CVE-2017-14608 | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | [email protected] | 9.1 | 2.10% | 2017-09-20 | 2026-06-16 |
| CVE-2017-14348 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | [email protected] | 8.8 | 2.12% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14265 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | [email protected] | 9.8 | 4.34% | 2017-09-11 | 2026-06-16 |
| CVE-2017-13735 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | [email protected] | 7.5 | 2.99% | 2017-08-29 | 2026-06-16 |
| CVE-2017-6887 | A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. | [email protected] | 7.8 | 1.56% | 2017-05-16 | 2026-06-16 |
| CVE-2017-6886 | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | [email protected] | 9.8 | 3.36% | 2017-05-16 | 2026-06-16 |