An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in librawx3f.cpp and librawcxx.cpp.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "target": { "file": "internal/libraw_x3f.cpp" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "240862160085993003600434182227685094653", "158369060048286771248314680748371968292", "97113461682042654376990464299999966361", "29261631343733417072971860717578375845", "339885308485634563600554458416818826136", "323078013577982571728615220657221385471", "86076383069500532027485707454034209862", "316243266872512009550079486404996310428", "85204445983169512942768942995382567613", "139827416562017523666777119347415400117", "226114661174059044347940110295779940323", "312707862860971573665707848943754494193", "318251517465902680941429029892041577448", "151795081915003604379575167857052292848", "268917060250854548848580387657766368198", "269284681623973029004809318799018363969", "130129417217373137053532091335928812102", "142969646364091941053311453222596374645", "10368222683834136076767704468247342142", "132374683003806414528497221874129881729", "114315440959363075544748912500113590470", "66233697662997032906485154722264734887", "1198970710821988405490492171003412062", "151718378019123133221266697796754342604", "63896756124240935624391526338574354195", "137157358283057484190149570639629929674" ] }, "id": "CVE-2018-10529-591e5ed5" }, { "deprecated": false, "signature_type": "Function", "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "target": { "file": "src/libraw_cxx.cpp", "function": "LibRaw::parse_x3f" }, "signature_version": "v1", "digest": { "function_hash": "139078084317845080823012408604288713066", "length": 5561.0 }, "id": "CVE-2018-10529-71aa6d57" }, { "deprecated": false, "signature_type": "Function", "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "target": { "file": "internal/libraw_x3f.cpp", "function": "x3f_load_property_list" }, "signature_version": "v1", "digest": { "function_hash": "116446325389743313282843666121866560994", "length": 674.0 }, "id": "CVE-2018-10529-8336e6d9" }, { "deprecated": false, "signature_type": "Function", "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "target": { "file": "internal/libraw_x3f.cpp", "function": "x3f_delete" }, "signature_version": "v1", "digest": { "function_hash": "214791853866619832009050408861689491417", "length": 1474.0 }, "id": "CVE-2018-10529-95a0eb2e" }, { "deprecated": false, "signature_type": "Line", "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "target": { "file": "src/libraw_cxx.cpp" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "40818646843373079837247003281549386162", "256221859826004224259744393469590061204", "49067652593416517873450475657797997025", "150902004042096981754329473733521661398", "36172164629433102534438106320777277653", "72217831412331383429054205047958677060", "124201910794061763184229475466790558399", "208361473963240830842824678370307248197", "206479895672243440599142812359499313896", "117690676383352947772199214911752666272", "318651842328511367245984644084605261777", "212450244810660430944116050595376638016", "122513729897260850221728284977472669624" ] }, "id": "CVE-2018-10529-a31cfece" } ] }