CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.2%
It was discovered that rawtherapee had a floating point exception in the kodak_radc_load_raw function in dcraw.cc (CVE-2017-13735). It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c (CVE-2017-14348). It was discovered that rawtherapee had a Stack Buffer Overflow in xtrans_interpolate in dcraw.c that could allow a remote denial of service and code execution attack (CVE-2017-14265).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | rawtherapee | < 4.1-4.2 | rawtherapee-4.1-4.2.mga5 |
Mageia | 6 | noarch | rawtherapee | < 5.1-1.2 | rawtherapee-5.1-1.2.mga6 |
bugs.mageia.org/show_bug.cgi?id=21755
github.com/Beep6581/RawTherapee/issues/4061
github.com/Beep6581/RawTherapee/issues/4084
github.com/LibRaw/LibRaw/issues/99
lists.fedoraproject.org/archives/list/[email protected]/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/
lists.fedoraproject.org/archives/list/[email protected]/thread/TVI7PQ5NTNFOL4EQTLNZOPGCDLKJKXST/
www.libraw.org/news/libraw-0-18-4
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.2%