Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 11 results


CVE-2020-22628

Medium priority

Some fixes available 1 of 47

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2023-1729

Medium priority

Some fixes available 6 of 58

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Fixed Fixed Fixed Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2021-32142

Low priority

Some fixes available 6 of 58

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Fixed Fixed Fixed Vulnerable Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35535

Medium priority
Needs evaluation

In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35534

Medium priority
Needs evaluation

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35533

Medium priority

Some fixes available 2 of 53

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35532

Medium priority

Some fixes available 2 of 53

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35531

Medium priority

Some fixes available 2 of 53

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35530

Medium priority

Some fixes available 2 of 53

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-19858

Medium priority
Needs evaluation

Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy.

3 affected packages

digikam, kodi, xbmc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xbmc Ignored
Show less packages