CVE-2018-10529

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10529
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10529.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10529
Downstream
Related
Published
2018-04-29T03:29:00Z
Modified
2025-10-21T02:36:55Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in librawx3f.cpp and librawcxx.cpp.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
        "target": {
            "file": "internal/libraw_x3f.cpp"
        },
        "id": "CVE-2018-10529-591e5ed5",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "240862160085993003600434182227685094653",
                "158369060048286771248314680748371968292",
                "97113461682042654376990464299999966361",
                "29261631343733417072971860717578375845",
                "339885308485634563600554458416818826136",
                "323078013577982571728615220657221385471",
                "86076383069500532027485707454034209862",
                "316243266872512009550079486404996310428",
                "85204445983169512942768942995382567613",
                "139827416562017523666777119347415400117",
                "226114661174059044347940110295779940323",
                "312707862860971573665707848943754494193",
                "318251517465902680941429029892041577448",
                "151795081915003604379575167857052292848",
                "268917060250854548848580387657766368198",
                "269284681623973029004809318799018363969",
                "130129417217373137053532091335928812102",
                "142969646364091941053311453222596374645",
                "10368222683834136076767704468247342142",
                "132374683003806414528497221874129881729",
                "114315440959363075544748912500113590470",
                "66233697662997032906485154722264734887",
                "1198970710821988405490492171003412062",
                "151718378019123133221266697796754342604",
                "63896756124240935624391526338574354195",
                "137157358283057484190149570639629929674"
            ]
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
        "target": {
            "function": "LibRaw::parse_x3f",
            "file": "src/libraw_cxx.cpp"
        },
        "id": "CVE-2018-10529-71aa6d57",
        "signature_type": "Function",
        "digest": {
            "function_hash": "139078084317845080823012408604288713066",
            "length": 5561.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
        "target": {
            "function": "x3f_load_property_list",
            "file": "internal/libraw_x3f.cpp"
        },
        "id": "CVE-2018-10529-8336e6d9",
        "signature_type": "Function",
        "digest": {
            "function_hash": "116446325389743313282843666121866560994",
            "length": 674.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
        "target": {
            "function": "x3f_delete",
            "file": "internal/libraw_x3f.cpp"
        },
        "id": "CVE-2018-10529-95a0eb2e",
        "signature_type": "Function",
        "digest": {
            "function_hash": "214791853866619832009050408861689491417",
            "length": 1474.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c",
        "target": {
            "file": "src/libraw_cxx.cpp"
        },
        "id": "CVE-2018-10529-a31cfece",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "40818646843373079837247003281549386162",
                "256221859826004224259744393469590061204",
                "49067652593416517873450475657797997025",
                "150902004042096981754329473733521661398",
                "36172164629433102534438106320777277653",
                "72217831412331383429054205047958677060",
                "124201910794061763184229475466790558399",
                "208361473963240830842824678370307248197",
                "206479895672243440599142812359499313896",
                "117690676383352947772199214911752666272",
                "318651842328511367245984644084605261777",
                "212450244810660430944116050595376638016",
                "122513729897260850221728284977472669624"
            ]
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]