{"id":"CVE-2018-5810","details":"An error within the \"rollei_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.","modified":"2026-03-19T12:35:25.140810Z","published":"2018-12-07T22:29:01.240Z","related":["SUSE-SU-2018:3343-1"],"references":[{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/advisories/81800/"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3838-1/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"fixed":"87144aa9bb7325b09965b183fa58f957a9a4e4fd"},{"fixed":"fd6330292501983ac75fe4162275794b18445bd9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.18.9"}]}}],"versions":["0.11.0-Release","0.11.1","0.11.2","0.12.0","0.12.1","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.18.1","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.8"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-5810-15e710a4","target":{"function":"samsung_load_raw","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":1126,"function_hash":"103086419786231934038413598467398813421"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-189bdb26","target":{"file":"internal/dcraw_common.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["273679408590800389784463824288325263945","311832141119267821211212977567284311007","157418656670067103121019588295575997277","313485840605520327125194372542610673963","206329836910023774338790365466662234045","210535801540830065462714733274420535226","33617886783304206395444815521666608424","167720109998194836350720769218000851691","160015674479258178569727109825308650927","145228785623772391431438195811948605624","310182872512976344035852554819702731410","50447709627044169794151313792129030785","338580332380908106690514924983695610027","32903148846931797049637309911400810714","328519372197887831252832290110224088993","33975463736324781478074934448743136564","303556477982403404541382513450019955264","209683397208428613350895773359623803845","142630097708889244599648370418204183154","218562537529914475489467640867448598807","97939366002272317048492723179471615387","18049376380720631469593962984017184321","73476338883956882841964865243250748941","296136601385660704382288566442522533800","286646305840587446809760071523748904","84345845892154737372931787698978309441","60431226181566039846558058031072671782","258924427555608509877623485076006445651","92315904184697802667162103980838990962","183028196059588422966841719050723348770","68046445812426502674884377718937776856","200596549651399769646112591807560375783","298859745218031586655739669470040690961","298850413733980941384765291467650280567","205683474625643054280653533347273382641","260017044744476546030018098649380913703","244960742403957984609105102291483386988","325232135412378494987022116124803046084","308476498640837753581465973832129808662","22328810239000420906497643756816343560","158427364899356161368961254183126088364","192375223621998308980979962494999413616","339626032935950592947630484523807697179","139711232246865239965185026667743253871","152607733335757175922902328727975228035","261627642064275214676066572606520542452","107205074854239585061202210948313935174","125045581929943857211595975783629729869","32247967047973656130412413355880419226","119483698912984479060697212007500552416","57365496772295603500400722951079092909","255398501264795973989278789365485431214","39408228936777466853212333395419979935","197774500958200646326074983219268094427","339789631999511855918708357319378909896","265193411610124053766179989773680218438","52647775737253482248475601195096397633","18932204516485879841527293224070236168","119868237664800903053038755200739093169","323276816179838608279902606094204843593","264871345216473885441333060210321370763","324787572124743060955412495329858952490","327109111898894320403916162605834830051","253416149967212157794733244776159009596","329826662557877484765553635379797988114","200911600108456657536047133118442432849","274044561682603701575881658079905099171","316151007566085225370278936078514248964","78498308716374368006161942870700035971","13873507512392456607285673209947960382","2381033876907687861255631093081845791","241976520439912587031387361076660568840","140093959785124511812292778626083020004"]},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-1c95a38b","target":{"function":"rollei_load_raw","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":615,"function_hash":"30341421550248799199491593282000669188"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-478302ee","target":{"function":"remove_trailing_spaces","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":297,"function_hash":"201937694273306970586098713113374107009"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-49f64c80","target":{"function":"nikon_coolscan_load_raw","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":1067,"function_hash":"115653717507673145135102755915223430553"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-4d3bbf27","target":{"function":"parse_exif","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":4196,"function_hash":"45308682282860505612976499863422392872"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-5149fa4a","target":{"file":"dcraw/dcraw.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["223704755005448645620033463203528873096","109713940505012138848158725235051924701","174459847430026974051601257321019677975","273679408590800389784463824288325263945","311832141119267821211212977567284311007","157418656670067103121019588295575997277","313485840605520327125194372542610673963","206329836910023774338790365466662234045","210535801540830065462714733274420535226","33617886783304206395444815521666608424","167720109998194836350720769218000851691","160015674479258178569727109825308650927","145228785623772391431438195811948605624","310182872512976344035852554819702731410","50447709627044169794151313792129030785","338580332380908106690514924983695610027","32903148846931797049637309911400810714","328519372197887831252832290110224088993","33975463736324781478074934448743136564","303556477982403404541382513450019955264","209683397208428613350895773359623803845","142630097708889244599648370418204183154","218562537529914475489467640867448598807","97939366002272317048492723179471615387","18049376380720631469593962984017184321","73476338883956882841964865243250748941","296136601385660704382288566442522533800","286646305840587446809760071523748904","84345845892154737372931787698978309441","60431226181566039846558058031072671782","258924427555608509877623485076006445651","92315904184697802667162103980838990962","183028196059588422966841719050723348770","68046445812426502674884377718937776856","200596549651399769646112591807560375783","298859745218031586655739669470040690961","298850413733980941384765291467650280567","205683474625643054280653533347273382641","260017044744476546030018098649380913703","244960742403957984609105102291483386988","325232135412378494987022116124803046084","308476498640837753581465973832129808662","22328810239000420906497643756816343560","158427364899356161368961254183126088364","192375223621998308980979962494999413616","339626032935950592947630484523807697179","139711232246865239965185026667743253871","152607733335757175922902328727975228035","261627642064275214676066572606520542452","107205074854239585061202210948313935174","125045581929943857211595975783629729869","32247967047973656130412413355880419226","119483698912984479060697212007500552416","57365496772295603500400722951079092909","255398501264795973989278789365485431214","39408228936777466853212333395419979935","197774500958200646326074983219268094427","339789631999511855918708357319378909896","265193411610124053766179989773680218438","52647775737253482248475601195096397633","18932204516485879841527293224070236168","119868237664800903053038755200739093169","323276816179838608279902606094204843593","264871345216473885441333060210321370763","324787572124743060955412495329858952490","327109111898894320403916162605834830051","253416149967212157794733244776159009596","329826662557877484765553635379797988114","200911600108456657536047133118442432849","274044561682603701575881658079905099171","316151007566085225370278936078514248964","78498308716374368006161942870700035971","13873507512392456607285673209947960382","2381033876907687861255631093081845791","241976520439912587031387361076660568840","140093959785124511812292778626083020004"]},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-6241317b","target":{"function":"nikon_coolscan_load_raw","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":1067,"function_hash":"115653717507673145135102755915223430553"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-70dc518a","target":{"function":"find_green","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":751,"function_hash":"57667442162703262533089126353169943675"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-73d2ade7","target":{"function":"remove_trailing_spaces","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":297,"function_hash":"201937694273306970586098713113374107009"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-8cc49bfd","target":{"function":"find_green","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":751,"function_hash":"57667442162703262533089126353169943675"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-c82a9610","target":{"function":"parse_exif","file":"dcraw/dcraw.c"},"signature_type":"Function","digest":{"length":4196,"function_hash":"45308682282860505612976499863422392872"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-ceb5ce5a","target":{"function":"samsung_load_raw","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":1126,"function_hash":"103086419786231934038413598467398813421"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-5810-ee23f9d7","target":{"function":"rollei_load_raw","file":"internal/dcraw_common.cpp"},"signature_type":"Function","digest":{"length":615,"function_hash":"30341421550248799199491593282000669188"},"source":"https://github.com/libraw/libraw/commit/fd6330292501983ac75fe4162275794b18445bd9","deprecated":false,"signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5810.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}