CVE-2018-5817

HIGH

LibRaw <0.19.1 - Use After Free

Title source: llm

Description

A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

References (4)

[Third Party Advisory] https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/

[Release Notes, Vendor Advisory] https://www.libraw.org/news/libraw-0-19-2-release

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html

[Vendor Advisory] https://usn.ubuntu.com/3989-1/

Scores

CVSS v3 7.5

EPSS 0.0117

EPSS Percentile 78.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-704

Status published

Products (2)

debian/debian_linux 8.0

libraw/libraw < 0.19.1

Published Feb 20, 2019

Tracked Since Feb 18, 2026