CVE-2018-10529

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10529
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10529.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-10529
Downstream
Related
Published
2018-04-29T03:29:00Z
Modified
2025-08-09T20:01:26Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in librawx3f.cpp and librawcxx.cpp.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
            "target": {
                "file": "internal/libraw_x3f.cpp"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "240862160085993003600434182227685094653",
                    "158369060048286771248314680748371968292",
                    "97113461682042654376990464299999966361",
                    "29261631343733417072971860717578375845",
                    "339885308485634563600554458416818826136",
                    "323078013577982571728615220657221385471",
                    "86076383069500532027485707454034209862",
                    "316243266872512009550079486404996310428",
                    "85204445983169512942768942995382567613",
                    "139827416562017523666777119347415400117",
                    "226114661174059044347940110295779940323",
                    "312707862860971573665707848943754494193",
                    "318251517465902680941429029892041577448",
                    "151795081915003604379575167857052292848",
                    "268917060250854548848580387657766368198",
                    "269284681623973029004809318799018363969",
                    "130129417217373137053532091335928812102",
                    "142969646364091941053311453222596374645",
                    "10368222683834136076767704468247342142",
                    "132374683003806414528497221874129881729",
                    "114315440959363075544748912500113590470",
                    "66233697662997032906485154722264734887",
                    "1198970710821988405490492171003412062",
                    "151718378019123133221266697796754342604",
                    "63896756124240935624391526338574354195",
                    "137157358283057484190149570639629929674"
                ]
            },
            "id": "CVE-2018-10529-591e5ed5"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
            "target": {
                "file": "src/libraw_cxx.cpp",
                "function": "LibRaw::parse_x3f"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "139078084317845080823012408604288713066",
                "length": 5561.0
            },
            "id": "CVE-2018-10529-71aa6d57"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
            "target": {
                "file": "internal/libraw_x3f.cpp",
                "function": "x3f_load_property_list"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "116446325389743313282843666121866560994",
                "length": 674.0
            },
            "id": "CVE-2018-10529-8336e6d9"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
            "target": {
                "file": "internal/libraw_x3f.cpp",
                "function": "x3f_delete"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "214791853866619832009050408861689491417",
                "length": 1474.0
            },
            "id": "CVE-2018-10529-95a0eb2e"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
            "target": {
                "file": "src/libraw_cxx.cpp"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818646843373079837247003281549386162",
                    "256221859826004224259744393469590061204",
                    "49067652593416517873450475657797997025",
                    "150902004042096981754329473733521661398",
                    "36172164629433102534438106320777277653",
                    "72217831412331383429054205047958677060",
                    "124201910794061763184229475466790558399",
                    "208361473963240830842824678370307248197",
                    "206479895672243440599142812359499313896",
                    "117690676383352947772199214911752666272",
                    "318651842328511367245984644084605261777",
                    "212450244810660430944116050595376638016",
                    "122513729897260850221728284977472669624"
                ]
            },
            "id": "CVE-2018-10529-a31cfece"
        }
    ]
}