CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
81.7%
Secunia Research reports:
CVE-2018-5800: An off-by-one error within the “LibRaw::kodak_ycbcr_load_raw()”
function (internal/dcraw_common.cpp) can be exploited to cause a heap-based
buffer overflow and subsequently cause a crash.
CVE-2017-5801: An error within the “LibRaw::unpack()” function
(src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.
CVE-2017-5802: An error within the “kodak_radc_load_raw()” function
(internal/dcraw_common.cpp) related to the “buf” variable can be exploited
to cause an out-of-bounds read memory access and subsequently cause a crash.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
81.7%