CVE-2017-16910

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16910
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16910.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16910
Downstream
Related
Published
2018-12-07T22:29:00.350Z
Modified
2025-11-14T05:07:48.236377Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An error within the "LibRaw::xtransinterpolate()" function (internal/dcrawcommon.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5563e6ddc3f7cb93d98b491194ceebdee7288d36

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "282469855942832008542703959506986923980",
            "length": 9893.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-16910-038ecc66",
        "target": {
            "file": "internal/dcraw_common.cpp",
            "function": "xtrans_interpolate"
        },
        "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99685374839129199495525630687841065527",
                "159958846158126006334355249575866918253",
                "300127153246096657580455143707932786058",
                "327795333736066895153835443346546986384",
                "197975287852716690536586143397631760957",
                "65799970490364317734675686097265226055",
                "99006793806924869683894076395221177323",
                "208987392810246662921202186402479819650",
                "109188508420320033526802904676439140944",
                "299820038846524592686300402737999623121",
                "234478374888412242127713411366561740032",
                "228655890149366181956808468630248706080",
                "113174911205954936257352360627722165686",
                "263281658749893354721584564115462901862",
                "95044150495143791008296543172570073291",
                "77646698351718837456230755957603517057",
                "135149706244641396243848513062771094277",
                "300638464847132458769668435858064782280",
                "70298961281590312413678883578282202368",
                "210149622158279495417842633022815198063",
                "52388428277278748370125307007540166123",
                "252212130181434509083501976340501881685",
                "337872299362181358153445889366373261427"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-16910-7db3fb3a",
        "target": {
            "file": "dcraw/dcraw.c"
        },
        "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99685374839129199495525630687841065527",
                "159958846158126006334355249575866918253",
                "300127153246096657580455143707932786058",
                "327795333736066895153835443346546986384",
                "197975287852716690536586143397631760957",
                "65799970490364317734675686097265226055",
                "99006793806924869683894076395221177323",
                "208987392810246662921202186402479819650",
                "109188508420320033526802904676439140944",
                "299820038846524592686300402737999623121",
                "234478374888412242127713411366561740032",
                "228655890149366181956808468630248706080",
                "113174911205954936257352360627722165686",
                "263281658749893354721584564115462901862",
                "95044150495143791008296543172570073291",
                "77646698351718837456230755957603517057",
                "135149706244641396243848513062771094277",
                "300638464847132458769668435858064782280",
                "70298961281590312413678883578282202368",
                "210149622158279495417842633022815198063",
                "52388428277278748370125307007540166123",
                "252212130181434509083501976340501881685",
                "337872299362181358153445889366373261427"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-16910-fc6011a2",
        "target": {
            "file": "internal/dcraw_common.cpp"
        },
        "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "282469855942832008542703959506986923980",
            "length": 9893.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-16910-ffa03489",
        "target": {
            "file": "dcraw/dcraw.c",
            "function": "xtrans_interpolate"
        },
        "source": "https://github.com/libraw/libraw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36",
        "signature_type": "Function"
    }
]