CVE-2018-5815

An integer overflow error within the "parseqt()" function (internal/dcrawcommon.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type

GIT

Repo

https://github.com/libraw/libraw

Events

Introduced

Fixed

6c62f2b45c290c25371492bbd7bae431b3cddd48

Fixed

1334647862b0c90b2e8cb2f668e66627d9517b17

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.18.12"
        }
    ]
}

Affected versions

0.*

0.11.0-Release

0.11.1

0.11.2

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.14.3

0.14.4

0.14.5

0.14.6

0.15.0

0.16.0

0.17.0

0.18.0

0.18.1

0.18.10

0.18.11

0.18.2

0.18.3

0.18.4

0.18.5

0.18.6

0.18.7

0.18.8

0.18.9

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "function": "parse_qt",
            "file": "dcraw/dcraw.c"
        },
        "digest": {
            "length": 487.0,
            "function_hash": "332654752014799311762317652767049922768"
        },
        "source": "https://github.com/libraw/libraw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17",
        "signature_type": "Function",
        "id": "CVE-2018-5815-15c547f1",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "parse_qt",
            "file": "internal/dcraw_common.cpp"
        },
        "digest": {
            "length": 487.0,
            "function_hash": "332654752014799311762317652767049922768"
        },
        "source": "https://github.com/libraw/libraw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17",
        "signature_type": "Function",
        "id": "CVE-2018-5815-3b62e427",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "internal/dcraw_common.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162340819845460020987462871290996818593",
                "273570596699015872851700447841487179902",
                "231276055567181569759474760943651915664",
                "28509251757216518146565145547809995346"
            ]
        },
        "source": "https://github.com/libraw/libraw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17",
        "signature_type": "Line",
        "id": "CVE-2018-5815-669ffb7a",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "dcraw/dcraw.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162340819845460020987462871290996818593",
                "273570596699015872851700447841487179902",
                "231276055567181569759474760943651915664",
                "28509251757216518146565145547809995346"
            ]
        },
        "source": "https://github.com/libraw/libraw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17",
        "signature_type": "Line",
        "id": "CVE-2018-5815-75b89242",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5815.json"