CVE-2023-1729
MEDIUMLibRaw < 0.21.2 - Heap-Based Buffer Overflow in raw2image_ex()
Title source: llmDescription
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
References (7)
Core 7
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2188240
Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/LibRaw/LibRaw/issues/557
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5412
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202312-08
Scores
CVSS v3
6.5
EPSS
0.0007
EPSS Percentile
21.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (6)
fedoraproject/fedora
37
fedoraproject/fedora
38
libraw/libraw
< 0.21.2
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
Published
May 15, 2023
Tracked Since
Feb 18, 2026