An error in the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow, and subsequently a crash, via a specially crafted TIFF image.
{ "vanir_signatures": [ { "target": { "file": "dcraw/dcraw.c" }, "id": "CVE-2017-16909-15a28e08", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "line_hashes": [ "92598643016869726116496545431955095057", "120939618251062345120474030181267199025", "175446667405057637735720472319857957960", "302434637703157556965875178027127222250", "159726733877091668658868407700114082283", "47396600157287310090621577509096878652", "223381199108772046071832214352090977790", "312535190315978562344322721944551004105", "303224951040866503772588754584229743146", "204119642482237263911818387740019987550", "255937820271983562132317266877551480520", "69397894438155230848606260908398451734", "306518057356109731984525057483905944343", "191839667621282678976513721523612474074", "90351574205308034742503652561293419314" ], "threshold": 0.9 }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "target": { "file": "internal/dcraw_common.cpp", "function": "identify" }, "id": "CVE-2017-16909-20262b75", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 67105.0, "function_hash": "321872447772065613720363512539899803803" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "internal/dcraw_common.cpp", "function": "panasonic_load_raw" }, "id": "CVE-2017-16909-27811112", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 788.0, "function_hash": "161703518076742467936785774804205186967" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "internal/dcraw_common.cpp" }, "id": "CVE-2017-16909-44d33ca5", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "line_hashes": [ "92598643016869726116496545431955095057", 
"120939618251062345120474030181267199025", "175446667405057637735720472319857957960", "302434637703157556965875178027127222250", "159726733877091668658868407700114082283", "47396600157287310090621577509096878652", "223381199108772046071832214352090977790", "312535190315978562344322721944551004105", "303224951040866503772588754584229743146", "204119642482237263911818387740019987550", "255937820271983562132317266877551480520", "69397894438155230848606260908398451734", "306518057356109731984525057483905944343", "191839667621282678976513721523612474074", "90351574205308034742503652561293419314" ], "threshold": 0.9 }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "target": { "file": "internal/dcraw_common.cpp", "function": "parse_fuji" }, "id": "CVE-2017-16909-c879941c", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 3587.0, "function_hash": "91992552088826294097603272626590769737" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "libraw/libraw_const.h" }, "id": "CVE-2017-16909-d3f822a1", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "line_hashes": [ "216092885707465522902309138874404632414", "265583112738806107122278279198893038748", "86890722005686700908617904553551066285", "158063219566602077671404182076737842235" ], "threshold": 0.9 }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "target": { "file": "dcraw/dcraw.c", "function": "identify" }, "id": "CVE-2017-16909-deff72fb", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 67105.0, "function_hash": "321872447772065613720363512539899803803" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "dcraw/dcraw.c", "function": "panasonic_load_raw" }, "id": 
"CVE-2017-16909-e6bbb0f3", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 788.0, "function_hash": "161703518076742467936785774804205186967" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "dcraw/dcraw.c", "function": "parse_fuji" }, "id": "CVE-2017-16909-fe95ad3d", "source": "https://github.com/libraw/libraw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a", "digest": { "length": 3587.0, "function_hash": "91992552088826294097603272626590769737" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }