An error within the "parsetiffifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
{ "urgency": "not yet assigned" }