CVE-2018-25017
CRITICALRawSpeed 3.1 - Heap-Based Buffer Overflow in TableLookUp::setTable
Title source: llmDescription
RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
Third Party Advisory x_refsource_misc
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
Patch, Third Party Advisory x_refsource_misc
https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
Scores
CVSS v3
9.8
EPSS
0.0174
EPSS Percentile
75.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
rawspeed/rawspeed
3.1
Published
Jul 01, 2021
Tracked Since
Feb 18, 2026