Vulnerability CVE-2018-20364: Information

Description

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-20364
Published: Dec. 22, 2018
Modified: May 21, 2019
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
librawsisyphus0.19.2-alt10.21.2-alt1ALT-PU-2018-2957-1218543Fixed
librawp100.19.2-alt10.20.2-alt1.1ALT-PU-2018-2957-1218543Fixed
librawp90.19.2-alt10.19.5-alt1ALT-PU-2018-2957-1218543Fixed
librawc10f10.19.2-alt10.20.2-alt1.1ALT-PU-2018-2957-1218543Fixed
librawc9f20.19.2-alt10.19.5-alt1ALT-PU-2018-2957-1218543Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/LibRaw/LibRaw/issues/194
  • Exploit
  • Patch
  • Third Party Advisory
106299
  • Third Party Advisory
  • VDB Entry
USN-3989-1

      1. Configuration 1

        cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*
        End including
        0.19.1
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.0
    Back to top