Vulnerability Details : CVE-2018-19655
Potential exploit
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2018-19655
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp4:*:*:*:*:*:*
- cpe:2.3:a:dcraw_project:dcraw:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19655
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-19655
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-19655
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19655
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/
[SECURITY] Fedora 30 Update: dcraw-9.28.0-9.fc30 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/
[SECURITY] Fedora 32 Update: dcraw-9.28.0-9.fc32 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/
[SECURITY] Fedora 31 Update: dcraw-9.28.0-9.fc31 - package-announce - Fedora Mailing-Lists
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
#906529 - dcraw: CVE-2018-19655: stack-based buffer overflow bug - Debian Bug report logsExploit;Mailing List;Third Party Advisory
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
#890086 - ufraw: CVE-2018-19655: stack buffer overflow while running ufraw-batch - Debian Bug report logsExploit;Mailing List;Third Party Advisory
Jump to