CVE-2018-5812
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-5812
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5812.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-5812
- Downstream
- Published
- 2018-12-07T22:29:01Z
- Modified
- 2025-09-19T10:03:43.679903Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An error within the "nikoncoolscanloadraw()" function (internal/dcrawcommon.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
- References
-
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
- https://secuniaresearch.flexerasoftware.com/advisories/81800/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
- https://usn.ubuntu.com/3838-1/
Affected packages
Git / github.com/libraw/libraw
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libraw/libraw
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.18.8
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2018-5812-15e710a4",
"digest": {
"length": 1126.0,
"function_hash": "103086419786231934038413598467398813421"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "samsung_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-189bdb26",
"digest": {
"threshold": 0.9,
"line_hashes": [
"273679408590800389784463824288325263945",
"311832141119267821211212977567284311007",
"157418656670067103121019588295575997277",
"313485840605520327125194372542610673963",
"206329836910023774338790365466662234045",
"210535801540830065462714733274420535226",
"33617886783304206395444815521666608424",
"167720109998194836350720769218000851691",
"160015674479258178569727109825308650927",
"145228785623772391431438195811948605624",
"310182872512976344035852554819702731410",
"50447709627044169794151313792129030785",
"338580332380908106690514924983695610027",
"32903148846931797049637309911400810714",
"328519372197887831252832290110224088993",
"33975463736324781478074934448743136564",
"303556477982403404541382513450019955264",
"209683397208428613350895773359623803845",
"142630097708889244599648370418204183154",
"218562537529914475489467640867448598807",
"97939366002272317048492723179471615387",
"18049376380720631469593962984017184321",
"73476338883956882841964865243250748941",
"296136601385660704382288566442522533800",
"286646305840587446809760071523748904",
"84345845892154737372931787698978309441",
"60431226181566039846558058031072671782",
"258924427555608509877623485076006445651",
"92315904184697802667162103980838990962",
"183028196059588422966841719050723348770",
"68046445812426502674884377718937776856",
"200596549651399769646112591807560375783",
"298859745218031586655739669470040690961",
"298850413733980941384765291467650280567",
"205683474625643054280653533347273382641",
"260017044744476546030018098649380913703",
"244960742403957984609105102291483386988",
"325232135412378494987022116124803046084",
"308476498640837753581465973832129808662",
"22328810239000420906497643756816343560",
"158427364899356161368961254183126088364",
"192375223621998308980979962494999413616",
"339626032935950592947630484523807697179",
"139711232246865239965185026667743253871",
"152607733335757175922902328727975228035",
"261627642064275214676066572606520542452",
"107205074854239585061202210948313935174",
"125045581929943857211595975783629729869",
"32247967047973656130412413355880419226",
"119483698912984479060697212007500552416",
"57365496772295603500400722951079092909",
"255398501264795973989278789365485431214",
"39408228936777466853212333395419979935",
"197774500958200646326074983219268094427",
"339789631999511855918708357319378909896",
"265193411610124053766179989773680218438",
"52647775737253482248475601195096397633",
"18932204516485879841527293224070236168",
"119868237664800903053038755200739093169",
"323276816179838608279902606094204843593",
"264871345216473885441333060210321370763",
"324787572124743060955412495329858952490",
"327109111898894320403916162605834830051",
"253416149967212157794733244776159009596",
"329826662557877484765553635379797988114",
"200911600108456657536047133118442432849",
"274044561682603701575881658079905099171",
"316151007566085225370278936078514248964",
"78498308716374368006161942870700035971",
"13873507512392456607285673209947960382",
"2381033876907687861255631093081845791",
"241976520439912587031387361076660568840",
"140093959785124511812292778626083020004"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp"
},
"signature_type": "Line",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-1c95a38b",
"digest": {
"length": 615.0,
"function_hash": "30341421550248799199491593282000669188"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "rollei_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-478302ee",
"digest": {
"length": 297.0,
"function_hash": "201937694273306970586098713113374107009"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "remove_trailing_spaces"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-49f64c80",
"digest": {
"length": 1067.0,
"function_hash": "115653717507673145135102755915223430553"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "nikon_coolscan_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-4d3bbf27",
"digest": {
"length": 4196.0,
"function_hash": "45308682282860505612976499863422392872"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "parse_exif"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-5149fa4a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"223704755005448645620033463203528873096",
"109713940505012138848158725235051924701",
"174459847430026974051601257321019677975",
"273679408590800389784463824288325263945",
"311832141119267821211212977567284311007",
"157418656670067103121019588295575997277",
"313485840605520327125194372542610673963",
"206329836910023774338790365466662234045",
"210535801540830065462714733274420535226",
"33617886783304206395444815521666608424",
"167720109998194836350720769218000851691",
"160015674479258178569727109825308650927",
"145228785623772391431438195811948605624",
"310182872512976344035852554819702731410",
"50447709627044169794151313792129030785",
"338580332380908106690514924983695610027",
"32903148846931797049637309911400810714",
"328519372197887831252832290110224088993",
"33975463736324781478074934448743136564",
"303556477982403404541382513450019955264",
"209683397208428613350895773359623803845",
"142630097708889244599648370418204183154",
"218562537529914475489467640867448598807",
"97939366002272317048492723179471615387",
"18049376380720631469593962984017184321",
"73476338883956882841964865243250748941",
"296136601385660704382288566442522533800",
"286646305840587446809760071523748904",
"84345845892154737372931787698978309441",
"60431226181566039846558058031072671782",
"258924427555608509877623485076006445651",
"92315904184697802667162103980838990962",
"183028196059588422966841719050723348770",
"68046445812426502674884377718937776856",
"200596549651399769646112591807560375783",
"298859745218031586655739669470040690961",
"298850413733980941384765291467650280567",
"205683474625643054280653533347273382641",
"260017044744476546030018098649380913703",
"244960742403957984609105102291483386988",
"325232135412378494987022116124803046084",
"308476498640837753581465973832129808662",
"22328810239000420906497643756816343560",
"158427364899356161368961254183126088364",
"192375223621998308980979962494999413616",
"339626032935950592947630484523807697179",
"139711232246865239965185026667743253871",
"152607733335757175922902328727975228035",
"261627642064275214676066572606520542452",
"107205074854239585061202210948313935174",
"125045581929943857211595975783629729869",
"32247967047973656130412413355880419226",
"119483698912984479060697212007500552416",
"57365496772295603500400722951079092909",
"255398501264795973989278789365485431214",
"39408228936777466853212333395419979935",
"197774500958200646326074983219268094427",
"339789631999511855918708357319378909896",
"265193411610124053766179989773680218438",
"52647775737253482248475601195096397633",
"18932204516485879841527293224070236168",
"119868237664800903053038755200739093169",
"323276816179838608279902606094204843593",
"264871345216473885441333060210321370763",
"324787572124743060955412495329858952490",
"327109111898894320403916162605834830051",
"253416149967212157794733244776159009596",
"329826662557877484765553635379797988114",
"200911600108456657536047133118442432849",
"274044561682603701575881658079905099171",
"316151007566085225370278936078514248964",
"78498308716374368006161942870700035971",
"13873507512392456607285673209947960382",
"2381033876907687861255631093081845791",
"241976520439912587031387361076660568840",
"140093959785124511812292778626083020004"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c"
},
"signature_type": "Line",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-6241317b",
"digest": {
"length": 1067.0,
"function_hash": "115653717507673145135102755915223430553"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "nikon_coolscan_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-70dc518a",
"digest": {
"length": 751.0,
"function_hash": "57667442162703262533089126353169943675"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "find_green"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-73d2ade7",
"digest": {
"length": 297.0,
"function_hash": "201937694273306970586098713113374107009"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "remove_trailing_spaces"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-8cc49bfd",
"digest": {
"length": 751.0,
"function_hash": "57667442162703262533089126353169943675"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "find_green"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-c82a9610",
"digest": {
"length": 4196.0,
"function_hash": "45308682282860505612976499863422392872"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "dcraw/dcraw.c",
"function": "parse_exif"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-ceb5ce5a",
"digest": {
"length": 1126.0,
"function_hash": "103086419786231934038413598467398813421"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "samsung_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"id": "CVE-2018-5812-ee23f9d7",
"digest": {
"length": 615.0,
"function_hash": "30341421550248799199491593282000669188"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "internal/dcraw_common.cpp",
"function": "rollei_load_raw"
},
"signature_type": "Function",
"source": "https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9"
}
]
}