CVE-2018-19566

Name: CVE-2018-19566
Description: A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release           Version   Status
dcraw (PTS)     jessie            9.21-0.2  vulnerable
dcraw           stretch           9.27-1    vulnerable
dcraw           buster, bullseye  9.28-2    vulnerable
dcraw           bookworm          9.28-3    vulnerable
dcraw           trixie            9.28-3.1  vulnerable
dcraw           sid               9.28-5    vulnerable

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version  Urgency      Origin  Debian Bugs
dcraw    source  wheezy      (unfixed)      end-of-life
dcraw    source  (unstable)  (unfixed)      unimportant

Notes

https://www.openwall.com/lists/oss-security/2018/11/23/1
No security impact, crash in CLI tool
