CVE-2017-14608 — Vulnetix

CVE-2017-14608 PUBLISHED

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

EPSS 0.32% · 55.1th percentile

Risk Scores

EPSS Score

0.32%

55.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	libraw	0.16.2-1, 0, 0.17.0-1
Ubuntu:24.04:LTS	exactimage	1.0.2-11build2, 1.0.2-11build8, 1.0.2-11build9
Ubuntu:22.04:LTS	darktable	3.8.0-3build2, 0, 3.8.1-1
Ubuntu:22.04:LTS	dcraw	9.28-3, 9.28-2, 0
Ubuntu:14.04:LTS	libraw	0.15.4-1, 0, 0.15.3-1ubuntu1
Ubuntu:18.04:LTS	darktable	2.4.0-1, 2.4.2-1, 2.4.1-1
Ubuntu:20.04:LTS	kodi	, , 2:18.6+dfsg1-2ubuntu1
Ubuntu:24.04:LTS	kodi	2:20.5+dfsg-1build2, 2:20.3+dfsg-1, *
Ubuntu:22.04:LTS	rawtherapee	5.8-3, 0
Ubuntu:16.04:LTS	rawtherapee	4.2-2build1, 4.2-4, 0
Ubuntu:18.04:LTS	kodi	2:17.6+dfsg1-1ubuntu1, 0, *
Ubuntu:25.10	kodi	0, *, 2:21.2+dfsg-1build2
Ubuntu:22.04:LTS	kodi	*, 2:19.3+dfsg1-1build5, 2:19.3+dfsg1-1build2
Ubuntu:20.04:LTS	exactimage	1.0.2-3, 0, 1.0.2-5ubuntu1
Ubuntu:16.04:LTS	ufraw	0.20-3build1, 0
Ubuntu:22.04:LTS	exactimage	1.0.2-8, 0, 1.0.2-8build3
Ubuntu:25.10	dcraw	9.28-8, 0
Ubuntu:18.04:LTS	exactimage	0, 1.0.1-1, 0.9.2-1build1
Ubuntu:20.04:LTS	rawtherapee	5.6-1, 5.7-1, 5.8-1
Ubuntu:25.10	rawtherapee	0, 5.11-2build2

…and 14 more

Timeline

Sep 20, 2017 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 11, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-14608 third-party-advisory
https://ubuntu.com/security/notices/USN-3492-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2017-14608 third-party-advisory

Open in Interactive Console →