CVE-2018-5801
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-5801
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5801.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-5801
- Downstream
- Related
- Published
- 2018-12-07T22:29:00Z
- Modified
- 2025-10-14T14:34:34Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
- References
-
- https://access.redhat.com/errata/RHSA-2018:3065
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
- https://secuniaresearch.flexerasoftware.com/advisories/79000/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
- https://usn.ubuntu.com/3615-1/
- https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914
Affected packages
Git / github.com/libraw/libraw
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libraw/libraw
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "nikon_yuv_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 784.0,
"function_hash": "107028413891214520022767389805362151335"
},
"id": "CVE-2018-5801-0d045d4e"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "sinar_4shot_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "3973563765850600755684746521009306221"
},
"id": "CVE-2018-5801-1fd64b0f"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "sinar_4shot_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "3973563765850600755684746521009306221"
},
"id": "CVE-2018-5801-21d6837b"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_thumb_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 243.0,
"function_hash": "160494918233589209001810960379427370094"
},
"id": "CVE-2018-5801-2637ed87"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "foveon_sd_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 960.0,
"function_hash": "144737991149904957369473714665081941139"
},
"id": "CVE-2018-5801-27decec8"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_radc_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 4209.0,
"function_hash": "223246713781937134530843018339932879352"
},
"id": "CVE-2018-5801-3452aa7c"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "lossy_dng_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 2297.0,
"function_hash": "202245538503356998516944743852207703228"
},
"id": "CVE-2018-5801-3fa51116"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "LibRaw::unpack",
"file": "src/libraw_cxx.cpp"
},
"deprecated": false,
"digest": {
"length": 6015.0,
"function_hash": "197206491577376393885324085096235188381"
},
"id": "CVE-2018-5801-4a69848a"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_ycbcr_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 984.0,
"function_hash": "163787082309327837638368078428263567791"
},
"id": "CVE-2018-5801-53376f4d"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_c603_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 926.0,
"function_hash": "258053693770198014831738181204152304597"
},
"id": "CVE-2018-5801-587fc859"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "nikon_yuv_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 784.0,
"function_hash": "107028413891214520022767389805362151335"
},
"id": "CVE-2018-5801-5996e3df"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "imacon_full_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 766.0,
"function_hash": "166522695552084176915600078489115597785"
},
"id": "CVE-2018-5801-5e8678f9"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_ycbcr_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 984.0,
"function_hash": "163787082309327837638368078428263567791"
},
"id": "CVE-2018-5801-702a4096"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_radc_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 4209.0,
"function_hash": "223246713781937134530843018339932879352"
},
"id": "CVE-2018-5801-8154be70"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_rgb_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 687.0,
"function_hash": "15525495523015937544790174210825329364"
},
"id": "CVE-2018-5801-849bf680"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "foveon_dp_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 766.0,
"function_hash": "2862206903275483430271369263106098319"
},
"id": "CVE-2018-5801-92a1ff03"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Line",
"target": {
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"124352597106125194591251597623813245087",
"205284995094097582530856370968424278719",
"22988309875342170224409563331183752929",
"152524982112894191157422634430165024569",
"134314041729803709068108821152848661040",
"56826994616165192090472973610448379347",
"9335849157892235498825732050239788851",
"13895658195792164903745073899324943651",
"247624207005488849400082665816783079091",
"155139663208115011040635896716346474931",
"238631259715363634434111870035998372287",
"33321694872410304805578437759869438314",
"177469676614097623427955571059726029717",
"125500678768115905340447769577806592378",
"7426613730176305859336298852780303120",
"101524119203479658809510807642278449630",
"46483795846108957218451483728479491461",
"203918500306293612318249725421719062350",
"265278866704382827202670825729318647996",
"78951212272183871313650740983746536437",
"72040137193199700986915357609299583190",
"37207052900821485193484520787432001846",
"298406861113080713784553777104916175824",
"136969156965128291443653095736113578484",
"235407591583852246927127605934439653139",
"30196958699258018537772565469074963074",
"105579096636456265405734532937431786796",
"214014673505471298928868781745504967101",
"70545129739348577869896186898755704651",
"136425149642808564512258529105280230462",
"91400670279961731544970769829038102440",
"53067433816204783646723949955514109327",
"26187831458945772625088063865499582524",
"86590266928334755423253981495614712362",
"336103892140386112942258816375107482313",
"247961867312073565171760312702418044760",
"150240696824577948971417154241146358422",
"275284776873653422909872411440016382812",
"302841285493743931431551974456587418965",
"220916476889783483661247240454011667784",
"328767936967423010356050288127137669594",
"176396876015451459354376681188751172409",
"318702961172474298222340958907578471478",
"184431407562271806030802193190809065591",
"98958406534496180594480157156599910465",
"309056222066399524872352719555832460388",
"120241558432838573609845346608985953322",
"100850317300044172871758774077954143283",
"183165565249248235104004237473157430537"
],
"threshold": 0.9
},
"id": "CVE-2018-5801-9c16d055"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Line",
"target": {
"file": "src/libraw_cxx.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"292921357836884860105013238615803349359",
"307037411965088136983749293576076400084",
"43483054351564291780598603455924190391",
"339636120942977234911671384945116044918"
],
"threshold": 0.9
},
"id": "CVE-2018-5801-a02e723a"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_c330_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 971.0,
"function_hash": "214421281184207399848919388196393537141"
},
"id": "CVE-2018-5801-b9262966"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "imacon_full_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 766.0,
"function_hash": "166522695552084176915600078489115597785"
},
"id": "CVE-2018-5801-c5572fcb"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_thumb_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 243.0,
"function_hash": "160494918233589209001810960379427370094"
},
"id": "CVE-2018-5801-cdb66e9a"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "lossy_dng_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 2297.0,
"function_hash": "202245538503356998516944743852207703228"
},
"id": "CVE-2018-5801-d7470001"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_rgb_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 687.0,
"function_hash": "15525495523015937544790174210825329364"
},
"id": "CVE-2018-5801-e14431df"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_c330_load_raw",
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"length": 971.0,
"function_hash": "214421281184207399848919388196393537141"
},
"id": "CVE-2018-5801-e892d06a"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Function",
"target": {
"function": "kodak_c603_load_raw",
"file": "dcraw/dcraw.c"
},
"deprecated": false,
"digest": {
"length": 926.0,
"function_hash": "258053693770198014831738181204152304597"
},
"id": "CVE-2018-5801-f36288c1"
},
{
"signature_version": "v1",
"source": "https://github.com/libraw/libraw/commit/0df5490b985c419de008d32168650bff17128914",
"signature_type": "Line",
"target": {
"file": "internal/dcraw_common.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"124352597106125194591251597623813245087",
"205284995094097582530856370968424278719",
"22988309875342170224409563331183752929",
"152524982112894191157422634430165024569",
"134314041729803709068108821152848661040",
"56826994616165192090472973610448379347",
"9335849157892235498825732050239788851",
"13895658195792164903745073899324943651",
"247624207005488849400082665816783079091",
"155139663208115011040635896716346474931",
"238631259715363634434111870035998372287",
"33321694872410304805578437759869438314",
"177469676614097623427955571059726029717",
"125500678768115905340447769577806592378",
"7426613730176305859336298852780303120",
"101524119203479658809510807642278449630",
"46483795846108957218451483728479491461",
"203918500306293612318249725421719062350",
"265278866704382827202670825729318647996",
"78951212272183871313650740983746536437",
"72040137193199700986915357609299583190",
"37207052900821485193484520787432001846",
"298406861113080713784553777104916175824",
"136969156965128291443653095736113578484",
"235407591583852246927127605934439653139",
"30196958699258018537772565469074963074",
"105579096636456265405734532937431786796",
"214014673505471298928868781745504967101",
"70545129739348577869896186898755704651",
"136425149642808564512258529105280230462",
"91400670279961731544970769829038102440",
"53067433816204783646723949955514109327",
"26187831458945772625088063865499582524",
"86590266928334755423253981495614712362",
"336103892140386112942258816375107482313",
"247961867312073565171760312702418044760",
"150240696824577948971417154241146358422",
"275284776873653422909872411440016382812",
"302841285493743931431551974456587418965",
"220916476889783483661247240454011667784",
"328767936967423010356050288127137669594"
],
"threshold": 0.9
},
"id": "CVE-2018-5801-f7cfda82"
}
]
}