#VU11767 NULL pointer dereference in LibRaw - CVE-2018-5801

Cybersecurity Help s.r.o.

Published: 2018-04-11

Vulnerability identifier: #VU11767

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5801

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibRaw
Universal components / Libraries / Libraries used by multiple products

Vendor: LibRaw LLC

Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the unpack function src/libraw_cxx.cpp due to incorrect handling of photo files. A remote attacker can submit a specially crafted photo file, trigger NULL pointer dereference and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version 0.18.7.

Vulnerable software versions

LibRaw: 0.18.0 - 0.18.6

External links
https://packetstormsecurity.com/files/cve/CVE-2018-5801

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for libkdcraw

Fedora 28 update for dcraw

Fedora 27 update for dcraw

Denial of service in libraw