{"id":"CVE-2017-6889","details":"An integer overflow error within the \"foveon_load_camf()\" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.","modified":"2026-02-01T11:02:00.669093Z","published":"2017-05-15T18:29:00.200Z","related":["MGASA-2017-0223","SUSE-SU-2017:2300-1"],"references":[{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/advisories/75000/"},{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/advisories/75000/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw-demosaic-pack-gpl2","events":[{"introduced":"0"},{"fixed":"194f592e205990ea8fce72b6c571c14350aca716"}]}],"versions":["0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.14.7","0.14.8","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.18.0-Beta1","0.18.0-Beta2","0.18.1"],"database_specific":{"vanir_signatures":[{"target":{"file":"dcraw_foveon.c"},"digest":{"threshold":0.9,"line_hashes":["100850317300044172871758774077954143283","183165565249248235104004237473157430537","83649381162801328157103007422383945962","47514154183160630857492948049019842349","37475012982426722331624000442743187628","158946633314018727684819495445952872936","169360082881815744821892637527684042066","297389860160314791543952754442543041809","196569000861448789229074069099911561455","46361378511996670452354581310182194654","25993550731896664825248406918372402297","67138032242703886184429388320837250614"]},"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","deprecated":false,"signature_type":"Line","id":"CVE-2017-6889-b76a6567","signature_version":"v1"},{"target":{"function":"foveon_load_camf","file":"dcraw_foveon.c"},"digest":{"function_hash":"91891604155324030583620799763965924127","length":1267},"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","deprecated":false,"signature_type":"Function","id":"CVE-2017-6889-d6e82664","signature_version":"v1"},{"target":{"function":"foveon_dp_load_raw","file":"dcraw_foveon.c"},"digest":{"function_hash":"2862206903275483430271369263106098319","length":766},"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","deprecated":false,"signature_type":"Function","id":"CVE-2017-6889-e65cd3bb","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6889.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}