CVE-2017-16910

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16910
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16910.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16910
Downstream
Related
Published
2018-12-07T22:29:00Z
Modified
2025-10-13T07:05:53.100475Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An error within the "LibRaw::xtransinterpolate()" function (internal/dcrawcommon.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5563e6ddc3f7cb93d98b491194ceebdee7288d36

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0

Database specific 

{
    "vanir_signatures": [
        {
            "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
            "id": "CVE-2017-16910-038ecc66",
            "digest": {
                "length": 9893.0,
                "function_hash": "282469855942832008542703959506986923980"
            },
            "target": {
                "file": "internal/dcraw_common.cpp",
                "function": "xtrans_interpolate"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
            "id": "CVE-2017-16910-7db3fb3a",
            "digest": {
                "line_hashes": [
                    "99685374839129199495525630687841065527",
                    "159958846158126006334355249575866918253",
                    "300127153246096657580455143707932786058",
                    "327795333736066895153835443346546986384",
                    "197975287852716690536586143397631760957",
                    "65799970490364317734675686097265226055",
                    "99006793806924869683894076395221177323",
                    "208987392810246662921202186402479819650",
                    "109188508420320033526802904676439140944",
                    "299820038846524592686300402737999623121",
                    "234478374888412242127713411366561740032",
                    "228655890149366181956808468630248706080",
                    "113174911205954936257352360627722165686",
                    "263281658749893354721584564115462901862",
                    "95044150495143791008296543172570073291",
                    "77646698351718837456230755957603517057",
                    "135149706244641396243848513062771094277",
                    "300638464847132458769668435858064782280",
                    "70298961281590312413678883578282202368",
                    "210149622158279495417842633022815198063",
                    "52388428277278748370125307007540166123",
                    "252212130181434509083501976340501881685",
                    "337872299362181358153445889366373261427"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "dcraw/dcraw.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
            "id": "CVE-2017-16910-fc6011a2",
            "digest": {
                "line_hashes": [
                    "99685374839129199495525630687841065527",
                    "159958846158126006334355249575866918253",
                    "300127153246096657580455143707932786058",
                    "327795333736066895153835443346546986384",
                    "197975287852716690536586143397631760957",
                    "65799970490364317734675686097265226055",
                    "99006793806924869683894076395221177323",
                    "208987392810246662921202186402479819650",
                    "109188508420320033526802904676439140944",
                    "299820038846524592686300402737999623121",
                    "234478374888412242127713411366561740032",
                    "228655890149366181956808468630248706080",
                    "113174911205954936257352360627722165686",
                    "263281658749893354721584564115462901862",
                    "95044150495143791008296543172570073291",
                    "77646698351718837456230755957603517057",
                    "135149706244641396243848513062771094277",
                    "300638464847132458769668435858064782280",
                    "70298961281590312413678883578282202368",
                    "210149622158279495417842633022815198063",
                    "52388428277278748370125307007540166123",
                    "252212130181434509083501976340501881685",
                    "337872299362181358153445889366373261427"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "internal/dcraw_common.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
            "id": "CVE-2017-16910-ffa03489",
            "digest": {
                "length": 9893.0,
                "function_hash": "282469855942832008542703959506986923980"
            },
            "target": {
                "file": "dcraw/dcraw.c",
                "function": "xtrans_interpolate"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        }
    ]
}