CVE-2018-5802
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-5802
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5802.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-5802
- Downstream
- Related
- Published
- 2018-12-07T22:29:00Z
- Modified
- 2025-10-15T09:58:35.306862Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An error within the "kodakradcloadraw()" function (internal/dcrawcommon.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
- References
-
- https://access.redhat.com/errata/RHSA-2018:3065
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
- https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
- https://secuniaresearch.flexerasoftware.com/advisories/79000/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
- https://usn.ubuntu.com/3615-1/
Affected packages
Git / github.com/libraw/libraw
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libraw/libraw
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "LibRaw::unpack",
"file": "src/libraw_cxx.cpp"
},
"deprecated": false,
"digest": {
"length": 5488.0,
"function_hash": "161483585446594267200935247022503028262"
},
"id": "CVE-2018-5802-016e6f33"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_thumb_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 243.0,
"function_hash": "160494918233589209001810960379427370094"
},
"id": "CVE-2018-5802-09a4c581"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_thumb_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 243.0,
"function_hash": "160494918233589209001810960379427370094"
},
"id": "CVE-2018-5802-0e32219a"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Line",
"target": {
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"124352597106125194591251597623813245087",
"205284995094097582530856370968424278719",
"22988309875342170224409563331183752929",
"152524982112894191157422634430165024569",
"134314041729803709068108821152848661040",
"56826994616165192090472973610448379347",
"9335849157892235498825732050239788851",
"13895658195792164903745073899324943651",
"24466760082234887380727357519372869531",
"7426613730176305859336298852780303120",
"271838145860153652684670112833131013177",
"210342598399517506555949216805269868272",
"203918500306293612318249725421719062350",
"265278866704382827202670825729318647996",
"78951212272183871313650740983746536437",
"72040137193199700986915357609299583190",
"37207052900821485193484520787432001846",
"298406861113080713784553777104916175824",
"136969156965128291443653095736113578484",
"235407591583852246927127605934439653139",
"30196958699258018537772565469074963074",
"105579096636456265405734532937431786796",
"214014673505471298928868781745504967101",
"70545129739348577869896186898755704651",
"136425149642808564512258529105280230462",
"91400670279961731544970769829038102440",
"53067433816204783646723949955514109327",
"26187831458945772625088063865499582524",
"86590266928334755423253981495614712362",
"336103892140386112942258816375107482313",
"247961867312073565171760312702418044760",
"150240696824577948971417154241146358422",
"275284776873653422909872411440016382812",
"302841285493743931431551974456587418965",
"220916476889783483661247240454011667784",
"328767936967423010356050288127137669594"
]
},
"id": "CVE-2018-5802-11aa2fe3"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Line",
"target": {
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"124352597106125194591251597623813245087",
"205284995094097582530856370968424278719",
"22988309875342170224409563331183752929",
"152524982112894191157422634430165024569",
"134314041729803709068108821152848661040",
"56826994616165192090472973610448379347",
"9335849157892235498825732050239788851",
"13895658195792164903745073899324943651",
"24466760082234887380727357519372869531",
"7426613730176305859336298852780303120",
"271838145860153652684670112833131013177",
"210342598399517506555949216805269868272",
"203918500306293612318249725421719062350",
"265278866704382827202670825729318647996",
"78951212272183871313650740983746536437",
"72040137193199700986915357609299583190",
"37207052900821485193484520787432001846",
"298406861113080713784553777104916175824",
"136969156965128291443653095736113578484",
"235407591583852246927127605934439653139",
"30196958699258018537772565469074963074",
"105579096636456265405734532937431786796",
"214014673505471298928868781745504967101",
"70545129739348577869896186898755704651",
"136425149642808564512258529105280230462",
"91400670279961731544970769829038102440",
"53067433816204783646723949955514109327",
"26187831458945772625088063865499582524",
"86590266928334755423253981495614712362",
"336103892140386112942258816375107482313",
"247961867312073565171760312702418044760",
"150240696824577948971417154241146358422",
"275284776873653422909872411440016382812",
"302841285493743931431551974456587418965",
"220916476889783483661247240454011667784",
"328767936967423010356050288127137669594",
"176396876015451459354376681188751172409",
"318702961172474298222340958907578471478",
"184431407562271806030802193190809065591",
"98958406534496180594480157156599910465",
"309056222066399524872352719555832460388",
"120241558432838573609845346608985953322",
"100850317300044172871758774077954143283",
"183165565249248235104004237473157430537"
]
},
"id": "CVE-2018-5802-141c8de0"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_c603_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 926.0,
"function_hash": "258053693770198014831738181204152304597"
},
"id": "CVE-2018-5802-1f261753"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_rgb_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 687.0,
"function_hash": "15525495523015937544790174210825329364"
},
"id": "CVE-2018-5802-3874ecfa"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_c330_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 971.0,
"function_hash": "214421281184207399848919388196393537141"
},
"id": "CVE-2018-5802-45d5e015"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_radc_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 4331.0,
"function_hash": "258645329150201233248176608017425116591"
},
"id": "CVE-2018-5802-4b21475b"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_ycbcr_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 984.0,
"function_hash": "163787082309327837638368078428263567791"
},
"id": "CVE-2018-5802-5ba1248b"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "foveon_dp_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 766.0,
"function_hash": "2862206903275483430271369263106098319"
},
"id": "CVE-2018-5802-6e646bbe"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_c330_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 971.0,
"function_hash": "214421281184207399848919388196393537141"
},
"id": "CVE-2018-5802-6f8245f7"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_rgb_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 687.0,
"function_hash": "15525495523015937544790174210825329364"
},
"id": "CVE-2018-5802-77b95003"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "nikon_yuv_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 784.0,
"function_hash": "107028413891214520022767389805362151335"
},
"id": "CVE-2018-5802-7d1986c0"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "sinar_4shot_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "3973563765850600755684746521009306221"
},
"id": "CVE-2018-5802-a5bd9383"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_c603_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 926.0,
"function_hash": "258053693770198014831738181204152304597"
},
"id": "CVE-2018-5802-b01b8886"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "lossy_dng_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 2297.0,
"function_hash": "202245538503356998516944743852207703228"
},
"id": "CVE-2018-5802-b7a85c51"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "foveon_sd_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 960.0,
"function_hash": "144737991149904957369473714665081941139"
},
"id": "CVE-2018-5802-c3fa48de"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Line",
"target": {
"file": "src/libraw_cxx.cpp"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"252836511816281551337412742381892112552",
"97817573362742954812293633274999613411",
"43483054351564291780598603455924190391",
"339636120942977234911671384945116044918"
]
},
"id": "CVE-2018-5802-c8f1654b"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "nikon_yuv_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 784.0,
"function_hash": "107028413891214520022767389805362151335"
},
"id": "CVE-2018-5802-c9900705"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_ycbcr_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 984.0,
"function_hash": "163787082309327837638368078428263567791"
},
"id": "CVE-2018-5802-db936243"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "lossy_dng_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 2297.0,
"function_hash": "202245538503356998516944743852207703228"
},
"id": "CVE-2018-5802-e2c0a69f"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "kodak_radc_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 4331.0,
"function_hash": "258645329150201233248176608017425116591"
},
"id": "CVE-2018-5802-e7137ad9"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4",
"signature_type": "Function",
"target": {
"function": "sinar_4shot_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "3973563765850600755684746521009306221"
},
"id": "CVE-2018-5802-ec879400"
}
]