{ "threat_severity" : "Moderate", "public_date" : "2018-12-18T00:00:00Z", "bugzilla" : { "description" : "LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp", "id" : "1661555", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1661555" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-121", "details" : [ "There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact." ], "statement" : "This issue did not affect the versions of LibRaw as shipped with Red Hat Enterprise Linux 7 as they did not include support for Fuji maker notes.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "accountsservice-0:0.6.50-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "appstream-data-0:8-20191129.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "baobab-0:3.28.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "clutter-0:1.26.2-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "evince-0:3.28.4-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gdm-1:3.28.3-29.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gjs-0:1.56.2-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-boxes-0:3.28.5-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-control-center-0:3.28.2-19.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-menus-0:3.13.3-11.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-online-accounts-0:3.28.2-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-remote-desktop-0:0.1.6-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-session-0:3.28.1-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-settings-daemon-0:3.32.0-9.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-shell-0:3.32.2-14.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-software-0:3.30.6-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-terminal-0:3.28.3-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-tweaks-0:3.28.1-7.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gsettings-desktop-schemas-0:3.32.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gtk3-0:3.22.30-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gvfs-0:1.36.2-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "LibRaw-0:0.19.5-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libvncserver-0:0.9.11-14.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libxslt-0:1.1.32-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mozjs52-0:52.9.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mozjs60-0:60.9.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mutter-0:3.32.2-34.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nautilus-0:3.28.1-12.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "vala-0:0.40.19-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "vinagre-0:3.22.0-21.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "accountsservice-0:0.6.50-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "appstream-data-0:8-20191129.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "baobab-0:3.28.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "clutter-0:1.26.2-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "evince-0:3.28.4-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gdm-1:3.28.3-29.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gjs-0:1.56.2-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-boxes-0:3.28.5-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-control-center-0:3.28.2-19.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-menus-0:3.13.3-11.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-online-accounts-0:3.28.2-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-remote-desktop-0:0.1.6-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-session-0:3.28.1-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-settings-daemon-0:3.32.0-9.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-shell-0:3.32.2-14.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-software-0:3.30.6-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-terminal-0:3.28.3-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-tweaks-0:3.28.1-7.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gsettings-desktop-schemas-0:3.32.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gtk3-0:3.22.30-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gvfs-0:1.36.2-8.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "LibRaw-0:0.19.5-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "libvncserver-0:0.9.11-14.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "libxslt-0:1.1.32-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "mozjs52-0:52.9.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "mozjs60-0:60.9.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "mutter-0:3.32.2-34.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "nautilus-0:3.28.1-12.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "vala-0:0.40.19-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1766", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "vinagre-0:3.22.0-21.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "LibRaw", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-20337\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20337" ], "name" : "CVE-2018-20337", "csaw" : false }