{ "threat_severity" : "Low", "public_date" : "2018-12-13T00:00:00Z", "bugzilla" : { "description" : "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", "id" : "1661608", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1661608" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop." ], "affected_release" : [ { "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date" : "2020-02-18T00:00:00Z", "advisory" : "RHBA-2020:0547", "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7", "package" : "ansible-tower-34/ansible-tower-memcached:1.4.15-28" }, { "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date" : "2020-02-18T00:00:00Z", "advisory" : "RHBA-2020:0547", "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7", "package" : "ansible-tower-35/ansible-tower-memcached:1.4.15-28" }, { "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date" : "2020-02-18T00:00:00Z", "advisory" : "RHBA-2020:0547", "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7", "package" : "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "accountsservice-0:0.6.50-5.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "cairo-0:1.15.12-4.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "desktop-file-utils-0:0.23-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "glib2-0:2.56.1-5.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-boxes-0:3.28.5-4.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-documents-0:3.28.2-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-initial-setup-0:3.28.0-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-session-0:3.28.1-7.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-settings-daemon-0:3.28.1-4.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-shell-0:3.28.3-11.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gnome-shell-extensions-0:3.28.1-7.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "libgnomekbd-0:3.26.0-3.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "libkdcraw-0:4.10.5-7.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "LibRaw-0:0.19.2-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "mutter-0:3.28.3-10.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nautilus-0:3.26.3.1-6.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "pango-0:1.42.4-3.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "pidgin-0:2.10.11-8.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "plymouth-0:0.8.9-0.32.20140113.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "shotwell-0:0.28.4-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHBA-2019:2044", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "xchat-1:2.8.8-24.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "LibRaw", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-5818\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5818" ], "name" : "CVE-2018-5818", "csaw" : false }