CVE-2018-19565

Name: CVE-2018-19565
Description: A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| dcraw (PTS) | jessie | 9.21-0.2 | vulnerable |
| | stretch | 9.27-1 | vulnerable |
| | buster, bullseye | 9.28-2 | vulnerable |
| | bookworm | 9.28-3 | vulnerable |
| | sid, trixie | 9.28-5 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dcraw | source | wheezy | (unfixed) | end-of-life | | |
| dcraw | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://www.openwall.com/lists/oss-security/2018/11/23/1
No security impact, crash in CLI tool
