Denial of service in libraw
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5806 CVE-2018-5805 |
| CWE-ID | CWE-122 CWE-476 CWE-787 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
LibRaw Universal components / Libraries / Libraries used by multiple products |
| Vendor | LibRaw LLC |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU11766
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5800
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kodak_ycbcr_load_raw function in internal/dcraw_common.cpp due to an off-by-one error. A local attacker can submit specially crafted images, trigger heap-based buffer overflow and cause the service to crash.
Update to version 0.18.7.
Vulnerable software versionsLibRaw: 0.18.0 - 0.18.6
External linkshttp://packetstormsecurity.com/files/cve/CVE-2018-5800
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU11767
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5801
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the unpack function src/libraw_cxx.cpp due to incorrect handling of photo files. A remote attacker can submit a specially crafted photo file, trigger NULL pointer dereference and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 0.18.7.
Vulnerable software versionsLibRaw: 0.18.0 - 0.18.6
External linkshttp://packetstormsecurity.com/files/cve/CVE-2018-5801
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU11768
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5802
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable due to incorrect handling of photo files. A remote attacker can submit a specially crafted photo file, trigger out-of-bounds write and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 0.18.7.
Vulnerable software versionsLibRaw: 0.18.0 - 0.18.6
External linkshttp://packetstormsecurity.com/files/cve/CVE-2018-5802
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU16343
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5806
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp). A local attacker can submit specially crafted images, trigger NULL pointer dereference and cause the service to crash.
Update to version 0.18.8.
Vulnerable software versionsLibRaw: 0.18.0 - 0.18.7
External linkshttp://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Stack-based buffer overflow
EUVDB-ID: #VU16342
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5805
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to stack-based buffer overflow within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp). A local attacker can submit specially crafted images, trigger memory corruption and cause the service to crash.
Update to version 0.18.8.
Vulnerable software versionsLibRaw: 0.18.0 - 0.18.7
External linkshttp://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
